bruteforce basic presentation_file - linx

Post on 14-Dec-2014


BRUTE FORCE, DICTIONARY ATTACK, AND THE IMPLEMENTATION

Linggar Primahastoko

IDSECCONF 2011

BACKGROUND

Public Information Sensitive Secured System

WHY ?

SQL INJECTION X REMOTE FILE INCLUSION X DIRECT URL ACCESS X …. X …. X DICTIONARY ATTACK ? BRUTE FORCE ?

BRUTE FORCE

TRY THE VARIETY KEYS

BRUTE FORCE

LIMITING THE BRUTE FORCE

DICTIONARY ATTACK

TRY THE POSSIBLE KEYS

DICTIONARY ATTACK

Implementation

Looking for the wrong sign

Check that there is no wrong sign if it's true

Make the automation

[Diagram: attacker, keys, system]

1. Looking for the wrong sign
2. Get the key one by one
3. Try the key
4. If there is a wrong sign, go back to the second step
5. If there is no wrong sign, save the key and exit

The Enemies

Connection Firewall Captcha Limit Login Attempt Time
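
The login-attempt limit and time countermeasures from the list above, sketched as an added example that is not part of the original slides: after a set number of failures the account stops answering with a "wrong sign" at all, so the loop from the Implementation slide can no longer tell a right key from a wrong one. The class name, thresholds and the sample account are assumptions.

```python
import time
from collections import defaultdict


class LoginThrottle:
    """Per-account failed-login limit with a timed lockout (hypothetical helper)."""

    def __init__(self, max_failures=5, window=300.0, lockout=900.0,
                 clock=time.monotonic):
        self.max_failures = max_failures    # failures tolerated inside `window`
        self.window = window                # seconds over which failures count
        self.lockout = lockout              # seconds an account stays locked
        self.clock = clock                  # injectable time source
        self._failures = defaultdict(list)  # account -> recent failure times
        self._locked_until = {}             # account -> time the lock expires

    def is_locked(self, account):
        until = self._locked_until.get(account)
        if until is not None and self.clock() >= until:
            del self._locked_until[account]  # lock expired
            until = None
        return until is not None

    def attempt(self, account, verify):
        """Return 'locked', 'ok' or 'fail' for one login attempt.

        `verify` is a zero-argument callable doing the real credential check.
        It is not called while the account is locked, so a locked account
        answers 'locked' even for the right key and gives no "wrong sign".
        """
        if self.is_locked(account):
            return "locked"
        if verify():
            self._failures.pop(account, None)
            return "ok"
        now = self.clock()
        recent = [t for t in self._failures[account] if now - t < self.window]
        recent.append(now)
        self._failures[account] = recent
        if len(recent) >= self.max_failures:
            self._locked_until[account] = now + self.lockout
            del self._failures[account]
        return "fail"


if __name__ == "__main__":
    throttle = LoginThrottle(max_failures=3)      # constructed sample run
    wrong, right = (lambda: False), (lambda: True)
    print([throttle.attempt("alice", wrong) for _ in range(3)])
    print(throttle.attempt("alice", right))       # locked despite correct key
```

A per-account lockout lets anyone who knows an account name lock it, which is why it is normally combined with per-source limits and the captcha that the same list mentions.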

Conclusions

Simple way to make a simple brute force attack

Need more additional ways to secure the system

No system is 100% secure

THANK YOU
