Collaborate Disseminate
What happened?
This is a live event that a friend of mine is working on, a company’s systems were breached by a Threat Actor (TA), when the Cyber Sec company was called in and tried to regain access they could not, as SSH authentication wo… Continue reading Can you bruteforce a SSH password without alerting the server owner?
How to conduct brute force tests for directory traversal or other operations that require trial and error without accidentally turning it into DOS attack?
It comes to how much bandwidth a site is capable of (and other things like memory) a… Continue reading Brute force without DOS’ing the server
Let’s say that my passphrase is:
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaapassword9
Yes, it looks ridiculous. But only because we already know it. An attacker, trying to brute-force their way into this passphrase, has zero knowledge about i… Continue reading How can the passphrase matter besides the very most obvious patterns?
I have the problem that in my particular Content Management System (CMS), preventing BFAs in website login forms without Rate limiting, Captcha or Two factor authentication isn’t ready out of box or requires development resources that at l… Continue reading Preventing BFAs in website login forms without Rate limiting, Captcha or Two factor authentication
How to brute crypt I already know kind of. For example I know that it gonna be five numbers separated by dashes (like "1-2-3-4-5"), but I don’t have any idea the way it was crypted. Unless it was some of the SHA hashes.
Can you r… Continue reading How to brute crypt with unknown hash?
I want to know that whether Amazon S3 Pre-Signed URL is protected from brute force attack.
For example, if I am the only person who knows the Pre-signed URL, is it extremely unlikely that somebody use brute force attack and access to bucke… Continue reading Is the Amazon S3 Pre-Signed URL protected from brute force attack?
I was practicing bruteforce attacks using John The Ripper. I want to crack a zip file. I obtained the hash and stored it in a zip file but when I attempt to crack the zip file it is giving me an error saying No password hashes loaded
I want to create a wordlist with same word in the beginning but with different numbers
example
aymen00001
aymen00002
…..
aymen39347
Continue reading I want to write a wordlist for bruteforce [closed]
Cpanel admin access is running on port 2083. I’m testing it for bruteforce using hydra.
I tried:
sudo hydra -l admin -P /usr/share/wordlists/rockyou.txt 10.10.10.10 http-post-form "/:username=admin&password=^PASS^:Invalid Passwor… Continue reading Hydra http-post-method with Specific port number [closed]
In a talk about a lost or stolen laptop, it is said that:
even with hard drive encryption, eventually they can crack these secrets
But strong encryption is practically impossible to break. For example, it would take 6 billion years at 10… Continue reading Is it possible to crack a laptop’s encrypted hard disk?