
Insecure protocols

HTTP

The HyperText Transfer Protocol uses an unencrypted (but base64-encoded) string to transfer the username and password from the client to the server. This is not a limitation of the protocol itself (see RFC 2068), but it is what is mostly used.
Nearly all servers allow unlimited username/password tries. Fault #2!
For brute forcing a password out of a webserver use ObiWaN.
For sniffing passwords on the LAN use PHoss.
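
A server-side counter to the unlimited-tries fault above, as an added example (not part of the original page or of any tool it names): it decodes the base64 credential string the way a server does and stops testing passwords after repeated failures. The thresholds, the (client, user) lockout key and the check_password callback are assumptions chosen for illustration.

```python
import base64
import binascii
from collections import defaultdict, deque

def parse_basic(header):
    """Decode an 'Authorization' header value of the form 'Basic <base64>'."""
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:  # base64 is an encoding, not encryption: anyone can reverse it
        decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

class FailureThrottle:
    """Sliding-window lockout keyed on (client address, username); assumed policy."""
    def __init__(self, max_failures=5, window=300):
        self.max_failures, self.window = max_failures, window
        self.failures = defaultdict(deque)

    def _recent(self, key, now):
        q = self.failures[key]
        while q and now - q[0] >= self.window:  # drop failures outside the window
            q.popleft()
        return q

    def is_locked(self, client, user, now):
        return len(self._recent((client, user), now)) >= self.max_failures

    def record_failure(self, client, user, now):
        self._recent((client, user), now).append(now)

def handle(throttle, client, header, now, check_password):
    """Return the status code for one request; check_password is a hypothetical callback."""
    creds = parse_basic(header)
    if creds is None:
        return 401
    user, password = creds
    if throttle.is_locked(client, user, now):
        return 429  # refuse without testing the guess at all
    if check_password(user, password):
        return 200
    throttle.record_failure(client, user, now)
    return 401
```

Keying the lockout on client address plus username keeps one noisy client from locking the real user out everywhere; guesses spread over many addresses need an additional per-username limit.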

FTP

The File Transfer Protocol is a powerful but insecure one. It uses clear text passwords.
For sniffing FTP passwords on the LAN use PHoss.

POP3

The Post Office Protocol uses clear text passwords. Have fun with your (not only your) mails.
For sniffing POP3 passwords on the LAN use PHoss.

IMAP4

The Internet Message Access Protocol sometimes uses clear text passwords. Have fun with your (not only your) mails. (RFC 1731 describes good security stuff for IMAP4, but nobody uses it.)
For sniffing IMAP4 passwords on the LAN use PHoss.

LDAP

The Lightweight Directory Access Protocol is an access protocol to X.500-like directories. Its definitions are (like for nearly all protocols) useful and written with an eye on the security part. But like many other protocols, it uses clear text passwords in many implementations.
You can scan an insecure directory tree for passwords over the net. Nice.
You may get an ldif file (LDAP data interchange format) and crack the passwords out of this file!
For brute forcing a password out of a server use k0Ld.
For cracking LDAP passwords in ldif files use Lumberjack.
For sniffing LDAP passwords on the LAN use PHoss.

Telnet

Telnet daemons are easy targets for brute force attacks. Try it using TeeNet.
For sniffing passwords in Telnet on the LAN use PHoss.

VNC

VNC is a pretty cool piece of software from ATnT (http://www.uk.research.att.com/vnc/index.html). It's small, free and a little insecure, since it uses just a password and not username/password like it should. It stores the password in nearly clear form in a file or the Registry (Windoze): encrypted with a fixed key. Additionally, the max. password length is 8 chars. Nice.
Come and crack it: VNCrack
Or sniff the handshake on the net and crack it later: PHoss
