uhmmm some corrections and informations for this thread and in general:
Quote:
I downloaded a couple of cracker/sniffers/brute..whatever, they seem to be out of date or plain suckeh..
uhmmm downloading uncertain programs from untrusted sources (and moreover without source code) with fluffiness is ever a bad idea.
just a generic suggestion for anyone.
Quote:
Is there any simple guide that can be understood by non-programmers for this:
http://aluigi.altervista.org/adv/webmodz-adv.txtit's a technical advisory intended for developers and people in the security field anyway the negative effects of those vulnerabilities should be plus or less comprehensible to anyone who knows that software (admins and people who use it).
Quote:
The Ddos attack, where you send 200 http packages, where do I find info about it?
the initial 'd' in the ddos term stands for "distribuited" which means that the Denial of Service (even a simple connection can be defined a DoS in particular conditions) is performed by 2 or more clients.
in this specific case I guess you refer only to a simple resource consumption probably caused by an internal limit of the http server (webmod or what? you have not specified it).
Quote:
It will get you the PW usually in 3-5 minutes.
through brute forcing there is no way in the world to have fast results so who said a similar thing wasn't talking about "brute forcing" (which means trying a sequence of text strings using a specific charset) or was lying (classical way for bad people who wants to spread malware because there is ever one or more ignorants who trust such idiocies).
it's a logical thing, first because the result of a brute forcing depends by the real password ("aaa" is different than "2h3jh27';asdf3" and depending by the used charset (example azAZ09) so the second one can be just not guessed at all after days of testing), then because the continuous trying of strings built at runtime occupies lot of time due to the abnourmous amount of combinations and finally because on the network (even in LAN) there is the huge problem of the latency between the sending of the request and the receiving of the input... so a thing which is already slow and uncertain for its nature becomes worst in such conditions.
same problems also for the worldlist method were there is a starting base (the word in the wordlist) but remain all the other negative points said before for brute forcing (but obviously with a smaller amount of combinations).
Quote:
BIG PROBLEM ON THIS PROGRAM: REALLY FUCKING SLOW!!!!
obviously as said before :)
Quote:
http://123.123.123.123/cstrike/server.cfg
this is a classical example of disinformation.
in the security field there are various things which are of vital importance and are logically needed for understanding the security problem:
- the name of the affected software (missing in this case)
- the latest version of the affected software which has been tested vulnerable (missing too)
- the possible conditions in which the vulnerability is exploitable (missing too)
- possibly other useful details about the vulnerability, its causes and its effects (missing too).
so that short set of "instructions" you found means just nothing.
Quote:
NOTE 2: Im sry if this is noobie or not allowed to ask or something, but I dont see any forum rules or anything, maybe im blind, but whatever.
the forum rules are available here:
welcome-and-rules-t14.htmlanyway being a personal forum are welcome all the threads about my personal research, tools and other stuff (that's why the forum has the same sections of my website) but are accepted also discussions about new possible projects or other informations of public interest.
instead are avoided all lame requests and related things (easy to recognize) which have a direct and clear malicious intent, some examples are available in the trash section.
