Bruteforce basic presentation_file - linx


  1. BRUTE FORCE, DICTIONARY ATTACK, AND THE IMPLEMENTATION (Linggar Primahastoko, IDSECCONF 2011)
  2. BACKGROUND
       • Public Information
       • Sensitive
       • Secured System
  3. WHY ?
       • SQL INJECTION X
       • REMOTE FILE INCLUSION X
       • DIRECT URL ACCESS X
       • … X
       • … X
       • DICTIONARY ATTACK ?
       • BRUTE FORCE ?
  4. BRUTE FORCE
       • TRY A VARIETY OF KEYS
  5. BRUTE FORCE
  6. LIMITING THE BRUTE FORCE
  7. DICTIONARY ATTACK
       • TRY THE POSSIBLE KEYS
  8. DICTIONARY ATTACK
  9. Implementation
       • Looking for the wrong sign
       • Check that there is no wrong sign if it is true
       • Make the automation
  10. Diagram labels: system, keys, attacker. Steps:
       1. Look for the wrong sign
       2. Get the keys one by one
       3. Try the key
       4. If there is a wrong sign, go back to the second step
       5. If there is no wrong sign, save the key and exit
  11. The Enemies
       • Connection
       • Firewall
       • Captcha
       • Limit Login Attempt
       • Time
  12. Conclusions
       • Simple way to make a simple brute force attack
       • More ways are needed to secure the system
       • No system is 100% secure
  13. THANK YOU
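
Slide 11 names "Limit Login Attempt" and "Time" as what stands in the way of the loop on slide 10. The following Python limiter is an added example, not part of the original slides; the class name, thresholds, plaintext comparison and sample events are assumptions made for illustration.

```python
import hmac
from collections import defaultdict, deque

MAX_FAILURES = 5        # failures allowed inside WINDOW (assumed policy)
WINDOW = 300.0          # seconds over which failures are counted
BASE_LOCKOUT = 60.0     # first lockout in seconds; doubles on each repeat

class LoginLimiter:
    """Counts failures per account and per source, with growing lockouts."""
    def __init__(self):
        self.failures = defaultdict(deque)   # key -> failure timestamps
        self.locked_until = {}               # key -> unlock time
        self.lockouts = defaultdict(int)     # key -> lockouts so far

    def _record_failure(self, key, now):
        q = self.failures[key]
        q.append(now)
        while q and q[0] <= now - WINDOW:    # drop failures outside the window
            q.popleft()
        if len(q) >= MAX_FAILURES:
            self.locked_until[key] = now + BASE_LOCKOUT * 2 ** self.lockouts[key]
            self.lockouts[key] += 1
            q.clear()

    def attempt(self, user, source, password, expected, now):
        """Return 'ok', 'denied' or 'locked'; `expected` stands in for a hash check."""
        keys = (("user", user), ("src", source))
        # Checked before the password: while locked, even the right key gets
        # the same answer, so the response stops acting as a "wrong sign".
        if any(self.locked_until.get(k, 0.0) > now for k in keys):
            return "locked"
        if hmac.compare_digest(password.encode(), expected.encode()):
            self.failures.pop(("user", user), None)  # source count is kept
            return "ok"
        for k in keys:
            self._record_failure(k, now)
        return "denied"

def replay(events, expected):
    """Run constructed (time, user, source, password) events through a limiter."""
    limiter = LoginLimiter()
    return [limiter.attempt(u, s, p, expected, t) for t, u, s, p in events]

# Constructed sample: five wrong keys, the right key during the lockout,
# then the right key again after the 60 s lockout has expired.
SAMPLE = [(float(i), "alice", "198.51.100.7", f"guess{i}") for i in range(5)]
SAMPLE += [(10.0, "alice", "198.51.100.7", "s3cret"),
           (70.0, "alice", "198.51.100.7", "s3cret")]
```

Per-account lockout also lets anyone lock a legitimate user out by failing on purpose, which is why the per-source counter and a captcha or second factor usually accompany it.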
