ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

DonationCoder.com Software > N.A.N.Y. 2013

N.A.N.Y. 2013 Submission - FreeNAS Brute Forcer

<< < (2/3) > >>

Stoic Joker:
Um... Is this supposed to open and automatically target a specific (private but non-local) IP address by default?

Renegade:
Um... Is this supposed to open and automatically target a specific (private but non-local) IP address by default?
-Stoic Joker (November 21, 2012, 06:46 AM)
--- End quote ---

Well, the idea is that you'd use it on your own FreeNAS box on your own local network. You'd normally have it assigned a static IP address, or I would anyways. It doesn't target network paths like //freenas/shared/whatever.

It will work across the WAN to an exposed FreeNAS box though. Just slower...

But, it brute forces based on user names and passwords that you supply. It does not generate them. That makes it less open to abuse. Also, if anyone wanted to paste in a dictionary, well, they'll need to modify it and recompile. I've left something in there to prevent massive dictionary attacks. It will throw an error in that case. For its intended purpose, it's perfectly fine.

For automatic - it is automatic once you enter the possible user names, and possible passwords, and the IP address. From there on, it just goes.

Stoic Joker:
Um... Is this supposed to open and automatically target a specific (private but non-local) IP address by default?
-Stoic Joker (November 21, 2012, 06:46 AM)
--- End quote ---

Well, the idea is that you'd use it on your own FreeNAS box on your own local network. You'd normally have it assigned a static IP address, or I would anyways. It doesn't target network paths like //freenas/shared/whatever.
-Renegade (November 21, 2012, 07:14 AM)
--- End quote ---

Understood ... It just struck me as odd that it (first time) started with a target already in mind. And thought that it might be leftover test data (leakage).

Renegade:
Understood ... It just struck me as odd that it (first time) started with a target already in mind. And thought that it might be leftover test data (leakage).
-Stoic Joker (November 21, 2012, 07:25 AM)
--- End quote ---

Ah... That...

Yeah, I just put in some common users and the default password then stuck in a typical IP address for a LAN. Since 1 is the router, I just stuck on a zero for .10 there. It also serves as a simple example of what to enter, making explaining it simpler. It could have been 2, but I figured that's kind of silly as after the router, other computers would likely be on the network first, and 2 would be taken. Hence, 10.

Stoic Joker:
It also serves as a simple example of what to enter, making explaining it simpler.-Renegade (November 21, 2012, 07:42 AM)
--- End quote ---

[Insert Abject Horror Smiley] Pardon me for waxing elitist...but if they don't know what an IP address is, wouldn't it be safer if they stayed out of the box in question?  :D

If it's a case if input limitations (no name lookup code [gethostbyname(pstrHost)], etc.), I usually just use an IP address input control to force the issue for me. Or let a name/IP radio button set toggle textbox/IP address controls into view in the same location (all the user sees is the 3 dots appear and disapear).

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version