[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] booting password crackers...
- Subject: Re: [cobalt-security] booting password crackers...
- From: Mike Vanecek <nospam99@xxxxxxxxxxxx>
- Date: Sun, 28 May 2000 11:02:19 -0500
- Organization: anonymous
On Sun, 28 May 2000 00:52:18 +0200, ChaosIndustries <chaosindustries@xxxxxx>
wrote:
:>Think hosts.deny will work, but is not efficient, cause they after redial
:>on isp
:>they will get a new ip. Otherwise you will deny all users using this ISP.
:>
:>Im using "nerv them up method" in that cases ;)
:>Use httpd.conf to give out a "fake .htaccess" using a cgi. The same cgi
:>can check the pass and send a dummy page. So the bruteforcer will
:>result after each try the pass was found --> This cracker isnt usefull any
:>more now.
Would you mind posting or sending me off list more detail on exactly how you
implement the changes to your httpd.conf file and use the cgi script please?
I'd like to see what you put in the httpd.conf file and what is in the cgi
script. I'd be interested in trying the same approach.
:>Combined with some WarScripts in Javascript that crackers will have a lot
:>of
:>fun ;)
I would like to see a copy of this too please.
:>When someone using the write login:pass combination at that cgi redir
:>then to the new path where the real .htaccess file is.
I am not sure I follow, but maybe looking at the cgi script will help.
:>You can also generate an unshadowed passwd file and store that on anonymous
:>
:>ftp in /etc with some other files (free composed ;) ). For the passwords in
:>that
:>passwd file use some that passwords: do you think im so stupid
I would like to see that file too please.
:>When they have checked that their cracker is no longer usefull maybe they
:>think they can brute the passwd file from that anonymous ftp <hehe>.
:>
:>Just have fun with them, they will give up when this subjects checking out
:>that you're playing with them.
:>
:>You can also use a cgi instead of .htaccess for auth, and send some
:>tear or syncdrops after the 3rd try, or just flood them.
Do you have an example of such a script I could have?
:>Be creative ;)
:>
:>Greetz Sven
You are certainly creative. I do not want your secrets, but I am impressed
with how you setting up security. Anything you can share with me that does not
compromise your approach would be really appreciated. I like your approach!
Thanks, Mike.