Problems with the implementation on Linux:On a linux machine, there are a few different ways of creating a thread. One of them is called fork(). When using fork to create a new thread, the application will "quickly" create a new thread which will reuse the calculated cookie for each new "fork"-ed thread. If a buffer overflow would exist in this forked thread, an attacker could bruteforce the stack canarie. Once again a great article describing this attack can be found here (Scraps of notes on remote stack overflow exploitation)
NIX 1.1.2 – A LINUX BRUTE FORCER
Download: https://cinurl.com/2vGAvw
THC-Hydra (or just Hydra) is a network logon bruteforcer which supports attacking many different services such as FTP, HTTP, HTTPS, ICQ, IRC, IMAP, LDAP, MS-SQL, MySQL, NCP, NNTP, Oracle, POP3, pcAnywhere, PostgreSQL, REXEC, RDP, RLOGIN, RSH, SAP R/3, SIP, SMB, SMTP, SNMP, SOCKS, SSH, Subversion (SVN), TeamSpeak, Telnet, VNC, VMware Auth Daemon, and XMPP. It is available in both a command line and GUI version.
Medus is another network logon bruteforcer which supports attacking many different services such as AFP, CVS, FTP, HTTP, IMAP, MS-SQL, MySQL, NCP, NNTP, Oracle, POP3, pcAnywhere, PostgreSQL, REXEC, RDP, RLOGIN, RSH, SMB, SMTP, SNMP, SOCKS, SSH, Subversion (SVN), Telnet, VNC, and VMware Auth Daemon. It is only available in a command line version.
Ncrack is another network logon bruteforcer which supports attacking many different services such as RDP, SSH, http(s), SMB, pop3(s), FTP, and telnet. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its behavior based on network feedback.
Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allowremote authentication as possible. The author considers following items to some of the key features of this application: 2ff7e9595c
Comments