Date   : Tue, 15 Nov 2011 21:31:47 GMT
From   : jgh@... (J.G.Harston)
Subject: Security Project - Update 1

Rick Murray wrote:
> Martyn Ruks wrote:
> > Searching for valid users on the FileStore. Any other common users
> > that are observed on these systems would be welcomed to add into my
> > username list.
> 
> Let's look at what you have done. You appear to be blindly testing a
> list of users (starting with SYST, obviously) against - what, the login
> process, expecting a "user not known" response?

It looks like you (Martyn) are attempting to log on with a
predefined list of usernames to try and using the difference
between "user not known" and "wrong password" to determine if a
user exists.

in%=OPENIN(infile$)
ON ERROR PROCerr
REPEAT
user$=FNrd(in%)
OSCLI "I AM "+user$
*EXEC
PRINT "User "user$" exists and has no password"
UNTIL EOF#in%
CLOSE#in%:END
:
DEFPROCerr
IF ERR=187:PRINT "User "user$" exists":ENDPROC
IF ERR=188:PRINT "User "user$" does not exist":ENDPROC
IF ERR<128:REPORT:PRINT:END
ENDPROC

You then seem to be checking that known list of users against a
predefined list of likely passwords, eg: *I AM SYST BLANK, *I AM
SYST PASSWORD, *I AM SYST FRED, etc.

The usual brute-force method was to create both lists on the fly
with a brute-force string generator. Generate a list of:
A
AA
AAA
AAAA etc.
A0
AA0
AAA0 etc. all the way to ZZZZZZZZZZ

feed that through the user filter. Then using that list of users
that you've discovered, feed the same strings in as attempted
passwords for each user.

Very brute force, very time intensive, very noticeable as the
network slows to a crawl and the monitor display zooms off the top
of the screen with *I AMs.

> At my school, the logins were predictable. It was based upon year number
> and your surname in alphabetical form - this user "Y3U12" would be user

I can't remember ours, when I was in sixth form it was your name,
GREG, JONATHAN, PAUL, etc. Below sixth form it was based on the
year you entered so it followed you through school, something like
JGH85 or summut.

> For server hardware, in order of preference:
>    MDFS
>    FileStore
>    Some sort of old RISC OS machine with Econet card
      ...running SoftMDFS (plug, plug :))

-- 
J.G.Harston - jgh@...      - mdfs.net/jgh
Opposition is about asking questions, and Government is about not answering them.
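
Added example, not part of the original message or the poster's code: a detection sketch for the enumeration pattern described above, run over a constructed log of failed logon attempts. The log format, station numbers and thresholds are assumptions; the error numbers 187 and 188 are used as in the BASIC listing in the post.

```python
from collections import defaultdict

# Error numbers as used in the post's listing:
# 187 = user exists but wrong password, 188 = user not known.
WRONG_PASSWORD, USER_NOT_KNOWN = 187, 188

# Constructed sample log (assumed format):
# (seconds, station number, username tried, error number; 0 = logged on)
SAMPLE_LOG = [
    (10, 7, "JGH85", 187), (25, 7, "JGH85", 187), (40, 7, "JGH85", 0),
    (50, 9, "PUAL", 188), (58, 9, "PAUL", 0),
    (100, 12, "SYST", 187), (101, 12, "BOOT", 188), (102, 12, "FRED", 188),
    (103, 12, "GREG", 187), (104, 12, "PAUL", 188), (105, 12, "JONATHAN", 188),
]


def find_enumerators(log, window=60, min_users=5, min_unknown_ratio=0.5):
    """Return {station: usernames tried} for stations that failed against at
    least min_users distinct usernames inside `window` seconds, with at least
    min_unknown_ratio of those failures being 'user not known'."""
    failures = defaultdict(list)
    for when, station, user, err in log:
        if err in (WRONG_PASSWORD, USER_NOT_KNOWN):
            failures[station].append((when, user, err))

    flagged = {}
    for station, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= window seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            recent = events[start:end + 1]
            users = {user for _, user, _ in recent}
            unknown = sum(1 for _, _, err in recent if err == USER_NOT_KNOWN)
            if len(users) >= min_users and unknown / len(recent) >= min_unknown_ratio:
                flagged[station] = users
                break
    return flagged


if __name__ == "__main__":
    for station, users in find_enumerators(SAMPLE_LOG).items():
        print(f"station {station}: {len(users)} usernames tried: {sorted(users)}")
```

A user mistyping their own password or name (stations 7 and 9 in the sample) stays below the distinct-username threshold, so only the station walking a username list is reported.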