BRUTE FORCE, DICTIONARY ATTACK,AND THE IMPLEMENTATION

Linggar PrimahastokoIDSECCONF 2011

BACKGROUND

Public Information Sensitive Secured System

WHY ?

SQL INJECTION X REMOTE FILE INCLUSION X DIRECT URL ACCESS X …. X …. X DICTIONARY ATTACK ? BRUTE FORCE ?

BRUTE FORCE

TRY THE VARIETY KEYS

BRUTE FORCE

LIMITING THE BRUTE FORCE

DICTIONARY ATTACK

TRY THE POSSIBLE KEYS

DICTIONARY ATTACK

Implementation

Looking for the wrong sign Check that there are no wrong sign if it's true Make the automation

system

keys

attacker1. Looking for the wrong sign

2. G

et th

e ke

y on

e by

one

3. Try the key

4. if there is a wrong sign,back to second step

5. if there is no wrong sign,save the key and exit

The Enemies

Connection Firewall Captcha Limit Login Attempt Time

Conclusions

Simple way to make a simple brute force attack Need more additional way to secure the system No system that 100% secure

THANK YOU