bruteforce basic presentation_file - linx
BRUTE FORCE, DICTIONARY ATTACK, AND THE IMPLEMENTATION
Linggar Primahastoko
IDSECCONF 2011
BACKGROUND
Public Information Sensitive Secured System
WHY ?
SQL INJECTION X
REMOTE FILE INCLUSION X
DIRECT URL ACCESS X
…. X
…. X
DICTIONARY ATTACK ?
BRUTE FORCE ?
BRUTE FORCE
TRY A VARIETY OF KEYS
BRUTE FORCE
LIMITING THE BRUTE FORCE
DICTIONARY ATTACK
TRY THE POSSIBLE KEYS
DICTIONARY ATTACK
Implementation
Look for the wrong sign
Check that there is no wrong sign when the key is correct
Automate the process
(Diagram: system, keys, attacker)
1. Look for the wrong sign
2. Get the keys one by one
3. Try the key
4. If there is a wrong sign, go back to the second step
5. If there is no wrong sign, save the key and exit
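Seen from the defender's side, the loop in steps 2 to 5 leaves a recognizable trace: a run of failed logins from one source that either ends in a success or is still going. The following is an added example, not part of the original slides; the log format, the sample lines and the function name `detect_guessing` are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (format is an assumption): time, source IP, user, result
SAMPLE_LOG = """\
2011-10-15T10:00:01 198.51.100.7 admin FAIL
2011-10-15T10:00:02 198.51.100.7 admin FAIL
2011-10-15T10:00:03 198.51.100.7 admin FAIL
2011-10-15T10:00:04 198.51.100.7 admin FAIL
2011-10-15T10:00:05 198.51.100.7 admin OK
2011-10-15T10:01:00 203.0.113.20 alice FAIL
2011-10-15T10:01:30 203.0.113.20 alice OK
2011-10-15T10:02:00 192.0.2.44 root FAIL
2011-10-15T10:02:01 192.0.2.44 root FAIL
2011-10-15T10:02:02 192.0.2.44 root FAIL
"""

def detect_guessing(log_text, threshold=3, window=timedelta(minutes=5)):
    """Return alerts as (source, user, failures, outcome) tuples.

    outcome is "compromised" when a run of >= threshold failures inside
    `window` ends in a success (step 5), "ongoing" when the run is still open.
    """
    runs = defaultdict(list)          # (source, user) -> failure timestamps
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                  # skip malformed lines
        ts, source, user, result = parts
        when = datetime.fromisoformat(ts)
        key = (source, user)
        # keep only failures that are still inside the sliding window
        runs[key] = [t for t in runs[key] if when - t <= window]
        if result == "FAIL":
            runs[key].append(when)
        elif result == "OK":
            if len(runs[key]) >= threshold:
                alerts.append((source, user, len(runs[key]), "compromised"))
            runs[key] = []            # a success resets the run
    for (source, user), fails in runs.items():
        if len(fails) >= threshold:   # run never ended in a success
            alerts.append((source, user, len(fails), "ongoing"))
    return alerts

if __name__ == "__main__":
    for alert in detect_guessing(SAMPLE_LOG):
        print(alert)
```

A "compromised" alert means the guessed key worked and the account needs a credential reset, while "ongoing" is the point at which a login-attempt limit or block would apply.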
The Enemies
Connection
Firewall
Captcha
Limit Login Attempt
Time
Conclusions
There is a simple way to build a simple brute force attack
Additional measures are needed to secure the system
No system is 100% secure
THANK YOU