Jump to content

Recommended Posts

Posted

Does anyone know if anyone has made a duckey login brute forcer?

Any tips if I wanted to make my own?

I would probably use a java app to generate the duckscript based on a dictionary file.

If I had multiple ducks and multiple computers, say an un-gaurded computer lab, I could probably get in faster.

  • 2 weeks later...
Posted

I have looked around for brute forcer code, and discovered that the number of combinations required for even 4 character passwords make it impractical to impliment a duckey brute forcer. The only way to possably make this feasible would be to use something like CUPP the common user password profiler to generate a small password file, and then use a modified version of my duckscript converter or someone elses duckscript converter to turn the file to duckscript. Even then it still might prove impractical. Probably best to keep the duck running command line exploits and payloads ect.

  • 2 weeks later...
Posted

In the example given you're probably better off finding a way to boot a clone drive of whatever flavor you want and then try the attack away from the target area.

But really if you have the ability to boot a thumbdrive or disk in the first place you're probably better off just grabbing the SAM file and not the entire disk. Grabbing the entire disk is only handy if you believe there are parts of that disk you need to have access to that you wouldn't otherwise be able to read when mounted to a linux box.

As for the duck, maybe just have it try the most common passwords? or possibly just have it wait extremely long periods of time before trying to collect the SAM file (assumes windows) then rinse repeat. This assumes you're willing to play the high ricks odds of getting caught... (not the best solution)

Posted

You got a good point about just grabbing the SAM file instead of preforming a Brute force on site. I'm not really a pen tester or hacker, so I'm just starting to learn the ropes. Thanks for the reply.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...