Bruteforce basic presentation_file - linx

  • Date posted: 14-Dec-2014
  • Category: Technology

  • view

    643
  • download

    1

Embed Size (px)

description

 

Transcript of Bruteforce basic presentation_file - linx

1. BRUTE FORCE, DICTIONARY ATTACK, AND THE IMPLEMENTATION

  • Linggar Primahastoko, IDSECCONF 2011

2. BACKGROUND

  • Public Information
  • Sensitive
  • Secured System

3. WHY ?

  • SQL INJECTION X
  • REMOTE FILE INCLUSION X
  • DIRECT URL ACCESS X
  • . X
  • . X
  • DICTIONARY ATTACK ?
  • BRUTE FORCE ?

4. BRUTE FORCE

  • TRY EVERY VARIETY OF KEY

5. BRUTE FORCE

6.

  • LIMITING THE BRUTE FORCE

7. DICTIONARY ATTACK

  • TRY THE POSSIBLE KEYS

8. DICTIONARY ATTACK

9. Implementation

  • Look for the wrong sign (what the system shows when a key is wrong)
  • Check that the wrong sign does not appear when the key is correct
  • Automate the process

10. System, keys, attacker

  1. Look for the wrong sign
  2. Get the keys one by one
  3. Try the key
  4. If there is a wrong sign, go back to the second step
  5. If there is no wrong sign, save the key and exit

11. The Enemies

  • Connection
  • Firewall
  • Captcha
  • Limit Login Attempt
  • Time

12. Conclusions

  • A simple way to make a simple brute force attack
  • Additional measures are needed to secure the system
  • No system is 100% secure

13.

  • THANK YOU