Page 1 of 2 12 LastLast
Results 1 to 10 of 19

Thread: SV - DEV : automated forum bruteforce tester

  1. #1
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    Lightbulb SV - DEV : automated forum bruteforce tester

    last night when playing with my password profiling module i built for ezpawn, i just have an idea

    since my module parse all links recursively from a web page and find unik words

    that means that if i pass the memberlist page from a forum

    the module will follow all links in the page OR

    there's the find all threads / find all posts by user .....

    or the vcard files.....and anything that is linked under the profile of each members

    it's currently running against a huge target and will finally produce a security alert report with a HUGE wordlist containing all unik words in the WHOLE forum.....

    after that the module will start seeking for weak accounts ...... and report the pairs found ......

    this will not be intended to crack forum, but to test your own forum in order to accurate your security policies.......

    Watch your back, your packetz will belong to me soon... xD

    BackTrack :
    Giving Machine Guns to Monkeys since 2006

  2. #2
    Member Primey's Avatar
    Join Date
    Sep 2007
    Posts
    126

    Default



    nicely done shaman!

    that is a hell of a work you did there on EZ-Pawn

  3. #3
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    Default

    this is useing ezpawn module script but will not be include in ezpawn beta... but only in final reliz wich will occur some times before bt3final...
    Watch your back, your packetz will belong to me soon... xD

    BackTrack :
    Giving Machine Guns to Monkeys since 2006

  4. #4
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    Default

    as it could take up to a whole day to parse a HUGE forum like this one....
    i will add a stop / resume download function

    here more details of what i plan to do

    Language : Java Web
    Style : FIREFOX EXTENSION
    FUNCTIONS : DL & PARSE TARGET / CHECK ACCOUNTS / REPORT
    USAGE : SIMPLY SURFING THE PAGE, TOOLS MENU OF FIREFOX, CHOOSE MODULE, CLICK THE FUNCTION DESIRED......


    it's only the first brainstorming, and it will be the first firefox extension i design, so be patient
    Watch your back, your packetz will belong to me soon... xD

    BackTrack :
    Giving Machine Guns to Monkeys since 2006

  5. #5
    Junior Member
    Join Date
    Nov 2007
    Posts
    79

    Default

    Great idea,
    I run a forum with over 15000 members so it would be great to have something like that so I can advise users of their weak accounts which can put other forum members at risk.

    Thanks SV

  6. #6
    Just burned his ISO
    Join Date
    Jun 2007
    Posts
    14

    Default Whats your obligation?

    When you run a forum and you want to test it for weak accounts. Whats your obligations to the members of your forum? should you notify during sign up that you test accounts for weak passwords or just notify them individually when you find weak accounts. Personally I would not feel to good about someone checking my account for my password (Im sure it happens anyway, and ignorance is bliss.) When do you pass over ethical? Shaman Please in no way take this as me being critical of your work. I am a big fan of your work and was working on script for wget and all the sudden there you are popping one out before I can figure out how to remove temp directories. I even made a few modifications to passpro to allow a couple more variables at the beginning such as specifying minlen and maxlen. Again please take this as general discussion. I love your work, and Ideas.

  7. #7
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543

    Default

    (silently edits every one of his posts of identity before he gets owned by some disgruntled RE forum user)
    dd if=/dev/swc666 of=/dev/wyze

  8. #8
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    Default

    LOL .... i think this MUST be clear in the rules.......

    it's a question of ethics

    passpro is only a dirty thing ive wrote in 5 minutes.... the final version will have more options , like lenghts, charset limit, i will also make it dl ONLY the TEXT PARTS, because actually just dl all

    i need to add to a depth level param for the link parser.... because it follows too deep sometimes

    thx 4 your words
    Watch your back, your packetz will belong to me soon... xD

    BackTrack :
    Giving Machine Guns to Monkeys since 2006

  9. #9
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543

    Default

    Quote Originally Posted by shamanvirtuel View Post

    i need to add to a depth level param for the link parser.... because it follows too deep sometimes
    Yeah, I can see how that could be a problem. There are a lot of scripts out there with that logic... auditmypc.com has a very similar bit of code and it used to be public on their site (but I can't seem to find the link anymore..?)
    dd if=/dev/swc666 of=/dev/wyze

  10. #10
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    Default

    i do not need anything else than wget .... you have such dept levels , and content filters, i will maybe get only the first level of depth,..
    Watch your back, your packetz will belong to me soon... xD

    BackTrack :
    Giving Machine Guns to Monkeys since 2006

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •