Re: bash oom problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2009-10-06 at 19:17 +0100, psmith wrote:
> i'm doing some pen testing of my brother's companies network he wants
> me 
> to see if it's possible to get in so I'd be using the output as a
> word 
> list, and yes unfortunately i'll need all of it for comparison i'm
> not 
> sure if the program (aircrack) takes data from a pipe as a word list, 
> but i'll look into it

If by "getting in" you mean "guessing a password" and if the password
system accepts only 8 upper-case letters, then the answer is "it depends
how long the system takes to accept or reject an attempt". There are
26^8 possible combinations i.e. 208,827,064,576 and on average you need
to check half of them, assuming they are really random. If each attempt
takes 1 second, you get on average 6621 years for a hit on a specific
password. OTOH if an attempt takes 1 microsecond, it's just under 60
hours.

Things to bear in mind:

* If these are user-generated passwords, they are not random.
* If the intruder can check against multiple users at once (i.e. he
doesn't care which one it is) the numbers drop dramatically.
* If the system is at all well-designed it will block attempts after
some number of failures from the same origin, e.g. 3. In any case, it
should report bursts of failed attempts to the administrator.
* Social engineering beats brute force a large percentage of the time.

IOW, and in the absence of more concrete information, I'd say you're not
learning anything special by doing a brute-force check like this.

poc

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux