Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: pdp (architect) (pdp.gnucitizengooglemail.com)
Date: Tue Aug 15 2006 - 16:55:52 CDT
Lazy Authorization Forcer
This is an idea I am still developing but here you go POC is available
guess URLs that contain credentials. It is sort of Basic
Authentication/FTP Authentication bruteforcer.
The POC works well in IE6, IE7, Firefox and Opera. I wasn't able to
suppress the Basic Authentication dialog when trying to create Basic
Authentication Bruteforcer. However, I came up with this lazyForce
implementation. A typical attack vector will be as the following:
1. The attacker discovers your internal IP
2. Based on your IP a class C range is enumerated using the Port
Scanning or Visited Link Scanning technique.
3. Once a target is discovered a large enough dictionary is used to
find valid credentials associated with each IP.
In order to make IE work a style sheet that is embeded inside the
current document needs to be reused. Read the provided source code for
Visited Link Scanner
This is a technique that I've learned from Jeremiah Grossman
(http://jeremiahgrossman.blogspot.com/) and his presentation on
The POC presented here is my improved version of the POC presented in
BlackHat. I made it work well in IE6, IE7, Firefox and Opera. IE6 has
very nasty disabilities when dealing with dynamically generated style
sheets. However, these can be easy sorted out by reusing the current
style sheet. If you are interested how it works just read the provided
Well, this is it.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/