Saturday, 11 September 2010
ObiWaN – Server Bruteforcer by Phenoelit
Do you like this story?
ObiWaN is the brainchild of Phenoelit, a german hacker group headed by elite hacker FX which is written to carry out brute force security testing on Webservers. The goal of ObiWaN is a brute force authentication attack against Webserver with authentication requests - and in fact to break in insecure accounts. As the official documentation says -
ObiWan is written to check Webserver. The idea behind this is: Webserver with simple challenge-response authentication mechanism mostly have no switches to set up intruder lockout or delay timings for wrong passwords. In fact this is the point to start from. Every user with a HTTP connection to a host with basic authentication can try username-password combinations as long as he/she like it.
Like other programs for UNIX system passwords (crack) or NT passwords (l0phtcrack) ObiWaN uses wordlists and alternations of numeric or alpha-numeric characters as possible passwords. Since Webservers allow unlimited requests it is a question of time and bandwith to break in a server system.
ObiWaN manipulates a weakness in HTTP protocol, which as explained by Phenoelit itself is that nearly all servers allow unlimited username/password tries for a user & it literally becomes a question of time and bandwith to break in a server. After you break-in,you are the alpha & the omega of server..
enjoy :)
like this post ? you can buy me a beer :)
Posted by XERO. ALL RIGHTS RESERVED.
This post was written by: Rishabh Dangwal
Rishabh Dangwal is a no-nonsense network geek who likes to play retro games and emulators in free time. Follow him on Twitter
0 Responses to “ObiWaN – Server Bruteforcer by Phenoelit”
Post a Comment