03-23-2012, 09:42 AM
assalamualaikum all
ketemu lagi dah sama ane=anak pengguna baru
nah kali ini mau mencoba share sebuah tools bruteforce namanya patator.
patator ini berbasis python atau menggunakan bahasa pemrograman python, jadi bagi teman2 yang g atau belum install backtrack5, jangan takut, bisa dijalanin di windows juga, tinggal instal pythonnya untuk windos terlebih dahulu,
scriptnya bisa didownload di mari
kalau diletakin disini kepanjangan wkwkkw
available modul nya sebagai berikut
lihat lagi untuk option modulnya misal ftp_login
wah ada contoh penggunaannya
ayo mari kita coba sama sama ntar yang berhasil report yah
ketemu lagi dah sama ane=anak pengguna baru
nah kali ini mau mencoba share sebuah tools bruteforce namanya patator.
patator ini berbasis python atau menggunakan bahasa pemrograman python, jadi bagi teman2 yang g atau belum install backtrack5, jangan takut, bisa dijalanin di windows juga, tinggal instal pythonnya untuk windos terlebih dahulu,
scriptnya bisa didownload di mari
kalau diletakin disini kepanjangan wkwkkw
available modul nya sebagai berikut
Code:
D:\brother\HackSoft\Patator Bruteforce>patator_v0.3.py
Usage:
$ ./patator.py module --help
or
$ ln -s patator.py module
$ ./module --help
Available modules:
+ ftp_login : Brute-force FTP authentication
+ ssh_login : Brute-force SSH authentication
+ telnet_login : Brute-force Telnet authentication
+ smtp_login : Brute-force SMTP authentication
+ smtp_vrfy : Enumerate valid users using SMTP VRFY
+ smtp_rcpt : Enumerate valid users using SMTP RCPT TO
+ http_fuzz : Fuzz HTTP/HTTPS
+ pop_passd : Brute-force poppassd authentication (http://netwinsite.com/p
oppassd/ not POP3)
+ smb_login : Brute-force SMB authentication
+ ldap_login : Brute-force LDAP authentication
+ mssql_login : Brute-force MSSQL authentication
+ oracle_login : Brute-force Oracle authentication
+ mysql_login : Brute-force MySQL authentication
+ pgsql_login : Brute-force PostgreSQL authentication
+ vnc_login : Brute-force VNC authentication
+ dns_reverse : Reverse lookup subnets
+ dns_forward : Forward lookup subdomains
+ snmp_login : Brute-force SNMP v1/2/3 authentication
+ unzip_pass : Brute-force the password of encrypted ZIP files
+ keystore_pass : Brute-force the password of Java keystore files
lihat lagi untuk option modulnya misal ftp_login
Code:
Usage:
ftp_login host=10.0.0.1 user=FILE0 password=FILE1 0=logins.txt 1=passwords.txt -x ignore:mesg='Login incorrect.' -x ignore,reset,retry:code=500 -x reset:fgrep='Login successful'
Module options:
host : hostnames or subnets to target
port : ports to target [21]
user : usernames to test
password : passwords to test
persistent : use persistent connections [1|0]
* Allowed format in ()
* Allowed values in [] with the default value always listed first
Syntax:
-x actions:conditions
actions := action[,action]*
action := "ignore" | "retry" | "quit" | "reset"
conditions := condition=value[,condition=value]*
condition := "code" | "size" | "mesg" | "fgrep" | "egrep"
ignore : do not report
retry : try payload again
quit : terminate execution now
reset : close current connection in order to reconnect for next probe
code : match status code
size : match size (N or N-M or N- or -N)
mesg : match message
fgrep : search for string
egrep : search for regex
For example, to ignore all redirects to the home page:
... -x ignore:code=302,fgrep='Location: /home.html'
-e tag:encoding
tag := any unique string (eg. T@G or _@@_ or ...)
encoding := "sha1" | "md5" | "hex" | "b64"
sha1 : hash in sha1
md5 : hash in md5
hex : encode in hexadecimal
b64 : encode in base64
For example, to encode every password in base64:
... host=10.0.0.1 user=admin password=_@@_FILE0_@@_ -e _@@_:b64
Options:
-h, --help show this help message and exit
Execution:
-x arg actions and conditions, see Syntax above
--start=N start from offset N in the wordlist product
--stop=N stop at offset N
--resume=r1[,rN]* resume previous run
-e arg encode everything between two tags, see Syntax above
-C str delimiter string in combo files (default is ':')
-X str delimiter string in conditions (default is ',')
Optimization:
--rate-limit=N wait N seconds between tests (default is 0)
--rate-reset=N reset module every N tests (default is 0: never reset)
--failure-delay=N wait N seconds after a failure (default is 0.5)
--max-retries=N skip payload after N failures (default is 5) (-1 for
unlimited)
-t N, --threads=N number of threads (default is 10)
Logging:
-l DIR save output and response data into DIR
-L SFX automatically save into DIR/yyyy-mm-dd/hh:mm:ss_SFX
(DIR defaults to '/tmp/patator')
Debugging:
-d, --debug enable debug messages
wah ada contoh penggunaannya
Code:
ftp_login host=10.0.0.1 user=FILE0 password=FILE1 0=logins.txt 1=passwords.txt -x ignore:mesg='Login incorrect.' -x ignore,reset,retry:code=500 -x reset:fgrep='Login successful'
ayo mari kita coba sama sama ntar yang berhasil report yah