May 24, 2016, 2:28 AM
Post #1 of 1
Perl dictionary attack against myself with forks or threads
This has a lot to engrained but I'll first get to the main part I can't seem to manage.
I'm willing to pay $15btc (or you tell me but be easy) for exactly what I want here.
I have an XMPP server that requires authentication. I can do this with Perl SSL.
I've been in bad ways with the rest.
Here is what I want to try:
Open a large dictionary file with multiple threads or forks .... However, I just can't get it right for whatever reason. I've tried many things and eventually scrapped it all to start over.
Ok. So, I want to open a big dictionary and attempt to brute dictionary attack logins to my server for any particular username. It sounds more malicious than it is. My friend has created a Java equivalent that works well but I want it to be Perl. (Let Perl live!)
I want to open a file with 100k(+-) passwords
I want to spread each 'bundle' into.... Let's say 100 passwords.
I want to create a thread for each bundle (it doesn't have to be 100, it can be split into smaller parts too, just for speed).
Then, I'd like for each bundle to attempt the brute dictionary attack, and of course, stop all children if the match is found.
In my tests, all of the forks/threads start from the beginning and repeat already-tried attempts. I have tried (probably wrong method) to split the array of 100k into small arrays and then assign to fork/thread but I'm having data flow issues I guess (?)
My server is using SSL so I'm using the Perl IO::Socket::SSL, breaking down the array and trying to cycle through all of the passwords, using threads/forks for obvious speed reasons.
I would like to read in a large dictionary, split it into (n=number of threads equal parts), and initiate the 'attack' from there. If any thread finds the match, it's to stop all children and report back.
The bonus part:
My server is set to reject more than 2 attempts at one time. I can control this but I'd instead like to integrate proxy support as a bypass... to see if it's possible this way.
Blocks 2+ attempts (wanting to add proxy to each thread)
Read in large dictionary file for dictionary attack
Split large file based on number of threads I set
Each thread reads its own split of the file and does the attempts to authenticate
Stop when authentication success happens
I am open to any all-Perl method because it's just a pentest for myself and knowledge. I don't have much experience with forking or threads, especially not with a split data source and having each fork/thread read only a section. Adding onto this, I have never tried to add a proxy to each fork/thread for the request.
I scrapped my code tests or I would include what I've failed with; they may be backed up on a drive somewhere. (I was attempting to do line numbers like @block1 = 1..100, @block2 = 101..200 etc., but dynamically getting the numbers.)
Any help is appreciated here and explanation of what is taking place at key areas would be greatly appreciated.
I can install any modules needed or that could help it along.
Thanks again for any suggestions or code that gets me closer to my goal.