Brute force against me?

This article was written more than 24 months ago; the information may be outdated.

This morning, while going through my usual routine on the internet, I noticed with surprise that my FTP server was "working", and I know that is impossible because I am the only one who operates my FTP server. So I quickly opened the logs to see what was going on, and when I opened them I saw:

(000113) 12/12/2008 05:45: - (not logged in) (66.71.240.210)> USER Administrator
(000113) 12/12/2008 05:45: - (not logged in) (66.71.240.210)> 331 Password required for administrator
(000113) 12/12/2008 05:45: - (not logged in) (66.71.240.210)> PASS ********
(000113) 12/12/2008 05:45: - (not logged in) (66.71.240.210)> 530 Login or password incorrect!
(000113) 12/12/2008 05:46: - (not logged in) (66.71.240.210)> PASS ********
(000113) 12/12/2008 05:46: - (not logged in) (66.71.240.210)> 530 Login or password incorrect!
(000113) 12/12/2008 05:46: - (not logged in) (66.71.240.210)> 421 Login time exceeded. Closing control connection.
(000113) 12/12/2008 05:46: - (not logged in) (66.71.240.210)> disconnected.
(000114) 12/12/2008 05:46: - (not logged in) (66.71.240.210)> Connected, sending welcome message...
(000114) 12/12/2008 05:46: - (not logged in) (66.71.240.210)> 220-FileZilla Server version 0.9.27 beta
(000114) 12/12/2008 05:46: - (not logged in) (66.71.240.210)> 220-written by Tim Kosse (Tim.Kosse@gmx.de)
(000114) 12/12/2008 05:46: - (not logged in) (66.71.240.210)> 220 Please visit http://sourceforge.net/projects/filezilla/
(000114) 12/12/2008 05:46: - (not logged in) (66.71.240.210)> USER Administrator
(000114) 12/12/2008 05:46: - (not logged in) (66.71.240.210)> 331 Password required for administrator
(000114) 12/12/2008 05:46: - (not logged in) (66.71.240.210)> USER Administrator
(000114) 12/12/2008 05:46: - (not logged in) (66.71.240.210)> 331 Password required for administrator
(000114) 12/12/2008 05:46: - (not logged in) (66.71.240.210)> PASS ********
(000114) 12/12/2008 05:46: - (not logged in) (66.71.240.210)> 530 Login or password incorrect!
(000114) 12/12/2008 05:47: - (not logged in) (66.71.240.210)> PASS ********
(000114) 12/12/2008 05:47: - (not logged in) (66.71.240.210)> 530 Login or password incorrect!
(000114) 12/12/2008 05:47: - (not logged in) (66.71.240.210)> 421 Login time exceeded. Closing control connection.
(000114) 12/12/2008 05:47: - (not logged in) (66.71.240.210)> disconnected.
(000115) 12/12/2008 05:47: - (not logged in) (66.71.240.210)> Connected, sending welcome message...
(000115) 12/12/2008 05:47: - (not logged in) (66.71.240.210)> 220-FileZilla Server version 0.9.27 beta
(000115) 12/12/2008 05:47: - (not logged in) (66.71.240.210)> 220-written by Tim Kosse (Tim.Kosse@gmx.de)
(000115) 12/12/2008 05:47: - (not logged in) (66.71.240.210)> 220 Please visit http://sourceforge.net/projects/filezilla/
(000115) 12/12/2008 05:47: - (not logged in) (66.71.240.210)> USER Administrator
(000115) 12/12/2008 05:47: - (not logged in) (66.71.240.210)> 331 Password required for administrator
(000115) 12/12/2008 05:47: - (not logged in) (66.71.240.210)> USER Administrator
(000115) 12/12/2008 05:47: - (not logged in) (66.71.240.210)> 331 Password required for administrator
(000115) 12/12/2008 05:47: - (not logged in) (66.71.240.210)> PASS *****
(000115) 12/12/2008 05:47: - (not logged in) (66.71.240.210)> 530 Login or password incorrect!
(000115) 12/12/2008 05:48: - (not logged in) (66.71.240.210)> PASS *****
(000115) 12/12/2008 05:48: - (not logged in) (66.71.240.210)> 530 Login or password incorrect!
(000115) 12/12/2008 05:48: - (not logged in) (66.71.240.210)> 421 Login time exceeded. Closing control connection.
(000115) 12/12/2008 05:48: - (not logged in) (66.71.240.210)> disconnected.
(000116) 12/12/2008 05:48: - (not logged in) (66.71.240.210)> Connected, sending welcome message...
(000116) 12/12/2008 05:48: - (not logged in) (66.71.240.210)> 220-FileZilla Server version 0.9.27 beta
(000116) 12/12/2008 05:48: - (not logged in) (66.71.240.210)> 220-written by Tim Kosse (Tim.Kosse@gmx.de)
(000116) 12/12/2008 05:48: - (not logged in) (66.71.240.210)> 220 Please visit http://sourceforge.net/projects/filezilla/
(000116) 12/12/2008 05:48: - (not logged in) (66.71.240.210)> USER Administrator
(000116) 12/12/2008 05:48: - (not logged in) (66.71.240.210)> 331 Password required for administrator
(000116) 12/12/2008 05:48: - (not logged in) (66.71.240.210)> USER Administrator
(000116) 12/12/2008 05:48: - (not logged in) (66.71.240.210)> 331 Password required for administrator
(000116) 12/12/2008 05:48: - (not logged in) (66.71.240.210)> PASS ******
(000116) 12/12/2008 05:48: - (not logged in) (66.71.240.210)> 530 Login or password incorrect!
(000116) 12/12/2008 05:49: - (not logged in) (66.71.240.210)> PASS ******
(000116) 12/12/2008 05:49: - (not logged in) (66.71.240.210)> 530 Login or password incorrect!
(000116) 12/12/2008 05:49: - (not logged in) (66.71.240.210)> 421 Login time exceeded. Closing control connection.
(000116) 12/12/2008 05:49: - (not logged in) (66.71.240.210)> disconnected.
(000117) 12/12/2008 05:49: - (not logged in) (66.71.240.210)> Connected, sending welcome message...
(000117) 12/12/2008 05:49: - (not logged in) (66.71.240.210)> 220-FileZilla Server version 0.9.27 beta
(000117) 12/12/2008 05:49: - (not logged in) (66.71.240.210)> 220-written by Tim Kosse (Tim.Kosse@gmx.de)
(000117) 12/12/2008 05:49: - (not logged in) (66.71.240.210)> 220 Please visit http://sourceforge.net/projects/filezilla/
(000117) 12/12/2008 05:49: - (not logged in) (66.71.240.210)> USER Administrator
(000117) 12/12/2008 05:49: - (not logged in) (66.71.240.210)> 331 Password required for administrator
(000117) 12/12/2008 05:49: - (not logged in) (66.71.240.210)> USER Administrator
(000117) 12/12/2008 05:49: - (not logged in) (66.71.240.210)> 331 Password required for administrator
(000117) 12/12/2008 05:49: - (not logged in) (66.71.240.210)> PASS *****
(000117) 12/12/2008 05:49: - (not logged in) (66.71.240.210)> 530 Login or password incorrect!
(000117) 12/12/2008 05:50: - (not logged in) (66.71.240.210)> PASS *****
(000117) 12/12/2008 05:50: - (not logged in) (66.71.240.210)> 530 Login or password incorrect!
(000117) 12/12/2008 05:50: - (not logged in) (66.71.240.210)> 421 Login time exceeded. Closing control connection.
(000117) 12/12/2008 05:50: - (not logged in) (66.71.240.210)> disconnected.
(000118) 12/12/2008 05:50: - (not logged in) (66.71.240.210)> Connected, sending welcome message...
(000118) 12/12/2008 05:50: - (not logged in) (66.71.240.210)> 220-FileZilla Server version 0.9.27 beta
(000118) 12/12/2008 05:50: - (not logged in) (66.71.240.210)> 220-written by Tim Kosse (Tim.Kosse@gmx.de)
(000118) 12/12/2008 05:50: - (not logged in) (66.71.240.210)> 220 Please visit http://sourceforge.net/projects/filezilla/
(000118) 12/12/2008 05:50: - (not logged in) (66.71.240.210)> USER Administrator
(000118) 12/12/2008 05:50: - (not logged in) (66.71.240.210)> 331 Password required for administrator
(000118) 12/12/2008 05:50: - (not logged in) (66.71.240.210)> USER Administrator
(000118) 12/12/2008 05:50: - (not logged in) (66.71.240.210)> 331 Password required for administrator
(000118) 12/12/2008 05:50: - (not logged in) (66.71.240.210)> PASS *****
(000118) 12/12/2008 05:50: - (not logged in) (66.71.240.210)> 530 Login or password incorrect!
(000118) 12/12/2008 05:51: - (not logged in) (66.71.240.210)> PASS *****
(000118) 12/12/2008 05:51: - (not logged in) (66.71.240.210)> 530 Login or password incorrect!
(000118) 12/12/2008 05:51: - (not logged in) (66.71.240.210)> 421 Login time exceeded. Closing control

I realized immediately that this was brute force. In any case, I have protection in place: after more than 1500 failed logins the IP is banned automatically. You will probably ask why 1500, why such a large number? Because in general I do not limit any kind of resource, so that I can do everything that is possible; I always set very high limits. On the other hand, brute force cannot work against well-protected accounts anyway: I set passwords that not even I know, and they are always made of random characters of all types. Finding such a password by brute force takes about … 5000 years at least. Still, this brute force attempt reminded me of the times when there were more "hackers" than now, that is, when the brute force craze was on and everyone used brute force software like Brutus and waited even 3 months to crack an FTP server .. Many of them succeeded; back then I knew all sorts of kids on the net who managed, through brute force, to temporarily break fairly well-known sites, but that was some years ago …
Another crude but popular method (especially at that time), which required no knowledge at all, was searching for the files in which FTP login data is saved; these were generally searched for through file-sharing programs. Once the file was obtained, it was trivial to gain access to modify the files of the sites listed in it.
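The log above can be summarized per source address and compared against a ban threshold such as the 1500 failed logins mentioned. The following is an added example, not part of the original post or of FileZilla Server; the function names, the dd/mm/yyyy reading of the date and the rate projection are assumptions of the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Layout as it appears in the log above:
# (session) date hh:mm: - (user) (ip)> message
LINE = re.compile(
    r"^\((?P<sid>\d+)\) (?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}):? - "
    r"\((?P<user>[^)]*)\) \((?P<ip>[\d.]+)\)> (?P<msg>.*)$"
)

# Trimmed excerpt of the log above (sessions 000113 and 000114).
SAMPLE = """\
(000113) 12/12/2008 05:45: - (not logged in) (66.71.240.210)> USER Administrator
(000113) 12/12/2008 05:45: - (not logged in) (66.71.240.210)> PASS ********
(000113) 12/12/2008 05:45: - (not logged in) (66.71.240.210)> 530 Login or password incorrect!
(000113) 12/12/2008 05:46: - (not logged in) (66.71.240.210)> PASS ********
(000113) 12/12/2008 05:46: - (not logged in) (66.71.240.210)> 530 Login or password incorrect!
(000113) 12/12/2008 05:46: - (not logged in) (66.71.240.210)> 421 Login time exceeded. Closing control connection.
(000114) 12/12/2008 05:46: - (not logged in) (66.71.240.210)> USER Administrator
(000114) 12/12/2008 05:46: - (not logged in) (66.71.240.210)> PASS ********
(000114) 12/12/2008 05:46: - (not logged in) (66.71.240.210)> 530 Login or password incorrect!
(000114) 12/12/2008 05:47: - (not logged in) (66.71.240.210)> PASS ********
(000114) 12/12/2008 05:47: - (not logged in) (66.71.240.210)> 530 Login or password incorrect!
"""

def summarize(log_text):
    """Per source IP: 530 failures, usernames tried, sessions, first/last time seen."""
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "sessions": set(),
                                 "first": None, "last": None})
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # truncated or foreign lines are skipped, not guessed at
        s = stats[m["ip"]]
        ts = datetime.strptime(m["ts"], "%d/%m/%Y %H:%M")  # assumed day/month order
        s["first"] = s["first"] or ts
        s["last"] = ts
        s["sessions"].add(m["sid"])
        if m["msg"].upper().startswith("USER "):
            s["users"].add(m["msg"][5:].strip().lower())
        elif m["msg"].startswith("530 "):
            s["failures"] += 1
    return dict(stats)

def hours_until_ban(entry, threshold=1500):
    """Hours for this source to reach `threshold` failures at its observed rate."""
    minutes = max((entry["last"] - entry["first"]).total_seconds() / 60, 1)
    return threshold * minutes / entry["failures"] / 60 if entry["failures"] else None
```

On this excerpt the source makes 4 failed logins in 2 minutes, so `hours_until_ban` returns 12.5 for a threshold of 1500.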

Still, when you are the victim of a brute force attempt you keep wondering who the attacker is, although you know it is not worth trying to find out anything. In general, though, I am of the opinion that 80/100 of web attacks such as SQL injection, XSS, RFI, LFI, XSRF, RCE vulnerabilities, DDoS and so on are the work of minors with nothing better to do, and as they mature they lose their appetite for flooding and exploiting vulnerabilities.
