Main » 2011 » Март » 16 » Feint ears
10:35
Feint ears
Immediately I found that the case of letters does not matter. The presence of any protection on the frequency of logins and failed attempts counter I have not had hoped for. And it was not. I shared my thoughts with Michael and we quickly figured the number of possible combinations, and roughly the maximum time most primitive http-bruteforce on their exhaustive search. They laughed, and decided that tomorrow will be at Michael good reason for the report, as I will demonstrate that no one was povadno.

Next I opened firebug, but that is something I have started to fail after the upgrade, then just looked at the code for the form and realized that perhaps our friends, not only can not impose, but also get to post the same. Though the form and sent post requests, however, address the form myrange.ru / login? Code = fuck, also had success.

We agreed that night I get the entire list of usernames and strip off his morning report. Good night to the point. Everything was convenient to madness and trivial. In the case of successful completion of the authentication server to return the 302nd redirect to the profile page, otherwise the 200th code with a form login.

I opened the editor, and a slightly lit by Mann curl a minute later the result:
#! / Bin / bash for w in {{a.. Z}, {0 .. 9}} {{a .. z}, {0 .. 9}} {{a.. z}, {0 .. 9}} {{a.. z}, {0 .. 9}}; do curl-I - write -out% {http_code} - silent - output / dev / null http://myrange.ru/login?code = $ w; echo "$ w"; done has kept both brute.sh, and then run (executable exhibit flag in this case it was used too much, and yes I have a home partition mounted with noexec):
$ sh brut.sh> brut.txt

One to watch:
$ tail-f brut.txt
as quickly crawled record type:
...
200 abc0
200 abc1
302 abc2
200 abc3
...

First 5 logins were obtained in a minute. Further, this number is growing rapidly.
$ Grep 302 brut.txt | wc-l
336
Spot check revealed that everything is working:

and I add volume and speakers include alarm Admin
$ sleep 5h & & cat / dev / urandom>> / dev / dsp
went to bed.

I woke up still on call Skype, Michael got up earlier. I was surprised to discover that brute has not yet come to an end. Immediately detected and the reason for that. After ~ 200,000 head requests to their server for more than 5 hours (total of some 10 per second), their entire website is now working at a snail's pace. I stopped the brute, but the situation has not improved, probably another half hour the page opened for several minutes, then the situation slowly began to build, but it definitely was not normal.

I then tried the sake of experiment and Brutus was as follows: 10 queries quickly, then 4.5 second pause, three quick, and 4-5 pause, then repeats. Either the admin server did something, but this is unlikely, it is unclear if he looked at least the logs, then why did not immediately banned my aypishnik, stopping the ugliness? Either ... so again I was curious to what it works. They obviously somewhere a memory leak or open connections, something like that.

Views: 457 | Added by: w1zard | Rating: 0.0/0
Total comments: 0
Имя *:
Email *:
Код *: