Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.
Course Of The Month
5 days, 3 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
sniffing / brute-forcing http password
Posted on 2006-07-09
Hello
I have an IIS server that uses simple username / password authentication to secure a directory. the username and password are created in windows as local users. it does not use SSL or anything like that.
is there any way someone on the internet may get hold of my username and / or password ? i.e. if they get hold of the username, is there any way / method / tool that would enable them to brute-force their way into the password? if so, where can I find that tool so that I can do some self-tests for vulnerability?
I have an IIS server that uses simple username / password authentication to secure a directory. the username and password are created in windows as local users. it does not use SSL or anything like that.
is there any way someone on the internet may get hold of my username and / or password ? i.e. if they get hold of the username, is there any way / method / tool that would enable them to brute-force their way into the password? if so, where can I find that tool so that I can do some self-tests for vulnerability?
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
3-
2
-
2
- +3
10 Comments
This method is highly suseptible to sniffing and brute force attacks and a hacker
can sniff the packets and gain entry as in regular http login the passwords are
sent in plain text.
I recomment implementing an SSL certificate, if it's not a corporate web site you
can us www.cacert.org to get great 128 bit certificates.
I hope I answered your question.
can sniff the packets and gain entry as in regular http login the passwords are
sent in plain text.
I recomment implementing an SSL certificate, if it's not a corporate web site you
can us www.cacert.org to get great 128 bit certificates.
I hope I answered your question.
Even with SSL, brute force attacks are highly possible.
The best way arrount it is to lock accouts after x bad tries within a time window.
If the authentication is done on the OS side, you might have those already in place or you should :)
If not, you'll need to code that in your Authentication scheme.
The best way arrount it is to lock accouts after x bad tries within a time window.
If the authentication is done on the OS side, you might have those already in place or you should :)
If not, you'll need to code that in your Authentication scheme.
ok. my question is how someone would be able to sniff and brute force the password?
are there any documented methods / tools you can suggest so that I can try, learn and see for myself how it's done?
are there any documented methods / tools you can suggest so that I can try, learn and see for myself how it's done?
Write a script that connects to your secured site and provide username/password to it.
Loop through requests that will try a u/p until it finds a valid one.
I'm not sure the policy of this site allows us to post links to such tools ;)
Loop through requests that will try a u/p until it finds a valid one.
I'm not sure the policy of this site allows us to post links to such tools ;)
kaerez
my server is somewhere on the internet, it's not local. I'm trying to find out how someone on the internet can sniff those packets going back and forth to and from the server.
I know how to sniff packets with ethereal, but as far as I know it only works on a local network segment.
DireOrbAnt, if you know of such tools, please email a link to me to cezmi_at_aycasadikoglu_dot
my server is somewhere on the internet, it's not local. I'm trying to find out how someone on the internet can sniff those packets going back and forth to and from the server.
I know how to sniff packets with ethereal, but as far as I know it only works on a local network segment.
DireOrbAnt, if you know of such tools, please email a link to me to cezmi_at_aycasadikoglu_dot
"my server is somewhere on the internet"
I agree with DireOrbAnt, it's against the policies of this site to teach how to crack passwords on websites.
I agree with DireOrbAnt, it's against the policies of this site to teach how to crack passwords on websites.
As mentioned this cannot be tought here that said
for security tests you can sniff packets either at
the server side or your (client) side.
for security tests you can sniff packets either at
the server side or your (client) side.
Active 4 days ago
Sniffing comes down to access for the most part. A cable modem user, may be able to sniff his/her neighbors traffic if the traffic is broadcast, arp has been poisioned, or the subnet/ip is not segregated well enough. If someone were to hack into, or gain physical access to a ISP's lan or equipment, your traffic could be sniffed. The latter is far less common, but the government is doing it currently, and for some time now.
There are many techniques to sniffing, but it's really about the boundries and access. If your on a company lan, the network adminitrator can sniff what ever port he/she want's to, any time. If it's your co-worker next to you, and they fire up ethereal, cain&abel etc... they might be able to see this info.
Most times brute-force isn't even necessary, there are a lot of protocols that are very very plain-text, and or obusifcated poorly. FTP is plain-text, SMTP is... lot's of stuff that probably should be secured isn't. Sniffing that traffic can be difficult, but there are techniques as I said.
http://en.wikipedia.org/wiki/ARP_spoofing (the links at the bottom, and in the article are good to read also)
http://en.wikipedia.org/wiki/Packet_sniffer
http://en.wikipedia.org/wiki/Man-in-the-middle
-rich
There are many techniques to sniffing, but it's really about the boundries and access. If your on a company lan, the network adminitrator can sniff what ever port he/she want's to, any time. If it's your co-worker next to you, and they fire up ethereal, cain&abel etc... they might be able to see this info.
Most times brute-force isn't even necessary, there are a lot of protocols that are very very plain-text, and or obusifcated poorly. FTP is plain-text, SMTP is... lot's of stuff that probably should be secured isn't. Sniffing that traffic can be difficult, but there are techniques as I said.
http://en.wikipedia.org/wiki/ARP_spoofing (the links at the bottom, and in the article are good to read also)
http://en.wikipedia.org/wiki/Packet_sniffer
http://en.wikipedia.org/wiki/Man-in-the-middle
-rich
Active today
To name another leak:
If you're going through an Europe based ISP/Site, soon (at the latest januari 1st, 2007) all kinds of traffic are logged and stored
by the various governments this is mandatory for every ISP that wants to stay in business within the EU. So all unencrypted traffic
will be legible by various people in the government. (Theoretically after a warrent has been issued....)
If you're going through an Europe based ISP/Site, soon (at the latest januari 1st, 2007) all kinds of traffic are logged and stored
by the various governments this is mandatory for every ISP that wants to stay in business within the EU. So all unencrypted traffic
will be legible by various people in the government. (Theoretically after a warrent has been issued....)
Featured Post
Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
There is a lot to be said for protecting yourself and your accounts with 2 factor authentication. I found to my own chagrin, that there is a big downside as well.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers.
According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
The Email Laundry PDF encryption service allows companies to send confidential encrypted emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses
Course of the Month5 days, 3 hours left to enroll
Earn Certification
Cisco CCNA Security: IINS v3.0
$197.00$177.30
Earn Certification
Cisco CCNP Security: SITCS
$197.00$177.30
688 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.