brute force with bounce attack ?!

<<

rebrov

Full Member

Posts: 130

Joined: Mon May 11, 2009 4:00 pm

Post Sun Jul 25, 2010 6:35 am

brute force with bounce attack ?!

I want to know how to brute force or crack telnet passwords, or whatever, FTP even, with a bounce proxy attack... whether it's a LAN attack or a WAN connection attack

And if it's a LAN attack with a bounce proxy... will it appear like it's coming from the WAN???
<<

Xen

Sr. Member

Posts: 386

Joined: Tue Feb 03, 2009 3:59 am

Post Tue Jul 27, 2010 5:23 am

Re: brute force with bounce attack ?!

Can you explain it more clearly? I'm not able to understand what you really mean.
<<

yatz

Full Member

Posts: 222

Joined: Tue May 25, 2010 2:58 pm

Post Tue Jul 27, 2010 11:09 am

Re: brute force with bounce attack ?!

Two things-

In a "bounce attack," you need to have access to an FTP site first.  Basically you connect into an FTP server and then use that server to execute your brute force attack.  A flaw in the FTP design allows arbitrary communication from one connection so you cannot be detected without the FTP server being traced first.

Secondly, this theoretically is the same as using netcat relays.  Just set up a relay and then execute your brute force attack at the relay.

Does this make sense?
"Live as though you would die tomorrow, learn as though you would live forever."

CCNA, MCSA, MCTS, Sec+, Net+, Linux+, CEH
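
A defender's view of the bounce described in the post above, as an added example that is not part of the original thread: the bounce depends on the FTP PORT command naming an address other than the client's own, so a check over the server's command log can flag it (RFC 2577 also advises refusing ports below 1024). The log format, function names and sample lines are constructed assumptions.

```python
import re

# PORT h1,h2,h3,h4,p1,p2 (RFC 959): the address the server is asked to connect to
PORT_RE = re.compile(
    r"^PORT\s+(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\s*$", re.I)

def parse_port(command):
    """Return (ip, port) from a PORT command, or None if it is not well formed."""
    m = PORT_RE.match(command.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def find_bounce_attempts(log_lines):
    """Flag PORT commands a hardened server should refuse (RFC 2577 guidance)."""
    findings = []
    for line in log_lines:
        parts = line.split(None, 2)  # assumed format: timestamp, client IP, command
        if len(parts) < 3:
            continue
        ts, client_ip, command = parts
        target = parse_port(command)
        if target is None:
            continue
        ip, port = target
        reasons = []
        if ip != client_ip:
            reasons.append("third-party address")
        if port < 1024:
            reasons.append("privileged port")
        if reasons:
            findings.append({"time": ts, "client": client_ip,
                             "target": f"{ip}:{port}", "reasons": reasons})
    return findings

# Constructed sample log lines (documentation address ranges, hypothetical format)
SAMPLE_LOG = [
    "2010-07-27T11:09:01Z 203.0.113.5 USER anonymous",
    "2010-07-27T11:09:02Z 203.0.113.5 PORT 203,0,113,5,195,80",   # client's own address
    "2010-07-27T11:09:05Z 203.0.113.5 PORT 192,0,2,10,0,23",      # third party
    "2010-07-27T11:09:06Z 203.0.113.5 PORT 192,0,2,10,0,21",      # third party
    "2010-07-27T11:10:00Z 198.51.100.7 PORT 198,51,100,7,0,80",   # own address, low port
]

if __name__ == "__main__":
    for finding in find_bounce_attempts(SAMPLE_LOG):
        print(finding)
```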
<<

yatz

Full Member

Posts: 222

Joined: Tue May 25, 2010 2:58 pm

Post Tue Jul 27, 2010 12:36 pm

Re: brute force with bounce attack ?!

Also, here is the Metasploit module that lets you scan using FTP bounce:

http://www.metasploit.com/modules/auxiliary/scanner/portscan/ftpbounce

Seems pretty simple.  There also seems to be an Nmap option for this as well.
"Live as though you would die tomorrow, learn as though you would live forever."

CCNA, MCSA, MCTS, Sec+, Net+, Linux+, CEH
<<

rebrov

Full Member

Posts: 130

Joined: Mon May 11, 2009 4:00 pm

Post Wed Jul 28, 2010 6:24 pm

Re: brute force with bounce attack ?!

yatz wrote: Two things-

In a "bounce attack," you need to have access to an FTP site first.  Basically you connect into an FTP server and then use that server to execute your brute force attack.  A flaw in the FTP design allows arbitrary communication from one connection so you cannot be detected without the FTP server being traced first.

Secondly, this theoretically is the same as using netcat relays.  Just set up a relay and then execute your brute force attack at the relay.

Does this make sense?


Yes, makes sense... however :)

With netcat relays you need to penetrate a PC first and set up a netcat relay on this machine, right??

What I mean is not to scan like those Nmap options with FTP bounce, I know this one, and not that option in Metasploit

but

I mean that option in Hydra... Hydra can crack telnet and FTP and SMTP via FTP bounce, right??

But I can't find open FTP servers to do that, and if I found a secure one the tracing will still be easy because it's just one server

not like chains of proxies, and that's what I meant

1st - where can I find an open FTP server to try this?
2nd - is there a way of cracking via chains of proxies?
<<

dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Wed Jul 28, 2010 8:45 pm

Re: brute force with bounce attack ?!

I'm not sure where you're looking for these FTP servers to test this with, but you should just set this up in your own test lab. I don't know of any FTP servers/versions off the top of my head, but you should be able to find some with a little Googling. Keep in mind that this is a pretty old attack, so it's going to (should) be remedied in current FTP servers. Finding this has been very rare in my personal experience.
The day you stop learning is the day you start becoming obsolete.
<<

ziggy_567

Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Thu Jul 29, 2010 8:32 am

Re: brute force with bounce attack ?!

Most FTP servers should have remedied this, but you can often accomplish this method with network printers...
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
<<

rebrov

Full Member

Posts: 130

Joined: Mon May 11, 2009 4:00 pm

Post Thu Jul 29, 2010 5:02 pm

Re: brute force with bounce attack ?!

I know it's an old attack but it's stealthy... then do you have the backup attack :)

The problem is I don't know how to use chain proxies instead of FTP to brute force or dictionary attack a specified telnet so the cracking method won't show as from my IP
