A tool by the name of Brutus has quickly become one of the best password crackers on the internet, along with Unix's Crack, Nt's NTCrack, John the Ripper, and The L0pht Crack Series. But unlike those password crackers this one is complely remote based.
Brutus can remotely crack SMB (netbios), telnet auth, HTTP Basic Auth, HTTP Form, POP3, and FTP sessions via brute force attacks. Brutus also has the ability to you to create more BAD or Brutus Application Definition these are custom attacks on Remote applications.
To do this you have to Define the Sequence this is done by going into the dropdown bar labled "Type" then clicking "Custom" This will cause a new button to appear in the Authentication area of the program it's labled"Define Sequence". When you Click it a box appears named Brutus - Authentication Definiton Sequence
I hope that you have found this useful or at least interesting.
July 12th, 2002, 09:45 PM
i used to have brutus and it worked great when i needed to um, test my own security but then i put together a new machine and didnt get brutus back. now i have it and i suggest that anybody that doesnt already have it should get it.
July 12th, 2002, 09:48 PM
also if you have a default password list for OS's you can run it w/ that password list to check if you have any default password problems.
"Hackers know the Weeknessess of your system, Shouldnt you" That as you know is AntiOnline's slogan. The object of this post was to help system administrators and people that just like to be secure to help secure systems that they own. I just wanted to help.
So to the person that said this.
You have -31 AntiPoints Password crackers are ****ing usless.. Go home you lamer!
Im sorry you feel that way I was just trying to help.
July 12th, 2002, 10:50 PM
Don't you think this seems sort of suppiscouse? What if it has a virus?
July 12th, 2002, 10:51 PM
It doesnt ive checked it for virus/trojans and it's clean (trust me i would tell you if it had a virus)
July 12th, 2002, 11:02 PM
I used Brutus to test my Linux box ounce and I found 9 default passwords and Null logins
July 12th, 2002, 11:10 PM
if youre afraid of it having a trojan or virus download it, it is a ZIP file, and just have your virus scanner scan as your downloading, that way if it is infected youll no and the virus scanner will stop the download and ask you if you want to keep going. and wow, my scanner didnt detect anything! what a surprise ;) nobody here on AO is mean enough to try and infect fellow members with a trojan or other virus, except maybe the lamers
July 13th, 2002, 12:01 AM
BTW: I always scan files for Virii&Trojans before I post them anywere I wouldnt knowlingly infect anyone with a trojan or a virus cause that is slowly tearing the internet apart. Thank god for AntiVirus
And Yes Brutus was ment to be a malitious program you can see from the documentation and the fact that it inculdes Netbus.bad in the zip but for the purpose of securing a system that allows remote access it's great.
July 13th, 2002, 02:21 AM
This tool was given out in a vulnerability assessment course I attended a few years back and it has proven to be very useful. It's the only cracker I know of for most of the things v3n0m356 listed in the original post. Thanks for the re-intro!
July 13th, 2002, 02:51 AM
I just scanned the file with Norton 's AV and it's Virii free. Thanks v3n0m356!