Bruteforce basic presentation_file - linx

Published in: Technology, Business

  1. BRUTE FORCE, DICTIONARY ATTACK, AND THE IMPLEMENTATION. Linggar Primahastoko, IDSECCONF 2011
  2. BACKGROUND
     • Public Information
     • Sensitive
     • Secured System
  3. WHY ?
     • SQL INJECTION X
     • REMOTE FILE INCLUSION X
     • DIRECT URL ACCESS X
     • … X
     • … X
     • DICTIONARY ATTACK ?
     • BRUTE FORCE ?
  4. BRUTE FORCE
     • TRY THE VARIETY OF KEYS
  5. BRUTE FORCE
  6. LIMITING THE BRUTE FORCE
  7. DICTIONARY ATTACK
     • TRY THE POSSIBLE KEYS
  8. DICTIONARY ATTACK
  9. Implementation
     • Look for the wrong sign
     • Check that there is no wrong sign when the key is correct
     • Automate the process
  10. Diagram labels: system, keys, attacker
     1. Look for the wrong sign
     2. Get the keys one by one
     3. Try the key
     4. If there is a wrong sign, go back to the second step
     5. If there is no wrong sign, save the key and exit
  11. The Enemies
     • Connection
     • Firewall
     • Captcha
     • Limit Login Attempt
     • Time
  12. Conclusions
     • A simple way to make a simple brute force attack
     • Additional measures are needed to secure the system
     • No system is 100% secure
  13. THANK YOU
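
Slide 11 lists "Limit Login Attempt" and "Time" among the obstacles to the loop on slide 10. The following is an added example, not part of the original slides, of one way a defender can implement that limit: failed logins are counted in a sliding window per account and per source address. The names `LoginThrottle` and `guesses_checked`, the thresholds and the sample addresses are assumptions made for this sketch.

```python
import time
from collections import defaultdict, deque

class LoginThrottle:
    """Sliding-window limit on failed logins, per account and per source address."""

    def __init__(self, max_failures=5, window=300.0, lockout=900.0, clock=time.monotonic):
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self.clock = clock
        self._failures = defaultdict(deque)  # key -> timestamps of recent failures
        self._locked_until = {}              # key -> time at which the lock expires

    @staticmethod
    def _keys(account, source):
        # Account counter: many guesses at one login. Source counter: one
        # address trying a few guesses at each of many logins.
        return (("acct", account.lower()), ("src", source))

    def allowed(self, account, source):
        """Call before the password check; False means reject without checking."""
        now = self.clock()
        return all(self._locked_until.get(k, 0.0) <= now for k in self._keys(account, source))

    def record(self, account, source, success):
        """Call after the password check with its outcome."""
        now = self.clock()
        for key in self._keys(account, source):
            recent = self._failures[key]
            while recent and recent[0] <= now - self.window:
                recent.popleft()             # forget failures older than the window
            if success:
                if key[0] == "acct":
                    recent.clear()           # a good login resets the account only
                continue
            recent.append(now)
            if len(recent) >= self.max_failures:
                # The lock is temporary, so it cannot shut a user out for good.
                self._locked_until[key] = now + self.lockout
                recent.clear()

def guesses_checked(throttle, account, source, attempts, now, step=1.0):
    """Constructed run of wrong guesses, one every `step` seconds; `now` is a
    one-item list used as a fake clock. Returns how many reached the check."""
    checked = 0
    for _ in range(attempts):
        if throttle.allowed(account, source):
            throttle.record(account, source, success=False)
            checked += 1
        now[0] += step
    return checked
```

With the default thresholds, a constructed run of 1000 guesses at one per second reaches the password check only 10 times; everything else is rejected while the lock is active.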
