Re: [Full-disclosure] Patator - new multi-purpose brute-forcing tool
Hi folks,

as the programmer of hydra, some comments on this ...

On 23.02.2012 06:52, Grandma Eubanks wrote:
> Multiprocessing is quite a bit faster than utilizing threads (this should be obvious as threads are GIL locked, while multi-processing can be spread amongst cores with the kernel's scheduler).

yes, multiprocessing is faster than threads, and threads used intelligently are faster than forking - but ... for network login hacking that is not the bottleneck and it's not where optimization helps anything.

the secret of being fast is how you balance the connections to the network services and skipping parts of the protocols which are not essential. that's why hydra is the fastest one out there (own biased testing ;-) http://thc.org/thc-hydra/network_password_cracker_comparison.html ) although it uses forking. go figure.

hydra got more stable and faster when I rewrote the balancing engine in v7, the v7.2 is now the fastest and is very stable.

(why forking? because when it was written the goal was to be able to run on any platform, even on esoteric platforms like ultrix 4, MVS openedition etc. - and it did. In today's monocultures that's a less useful feature, I agree)

On Feb 22, 2012 6:43 AM, lanjelot lanje...@gmail.com wrote:
> To put it bluntly, I just got tired of using Medusa, Hydra, ncrack, metasploit auxiliary modules, nmap NSE scripts and the like because:
> - they either do not work or are not reliable (got me false negatives several times in the past)
> - they are slow (not multi-threaded or not testing multiple passwords within the same TCP connection)

have you read the code of the named tools? hydra does multiple password attempts in the connection if the protocol supports it - the competitors do so too I'd guess, medusa and ncrack use threading or parallel socketing - and rgw false negatives/positives ... you will have them too, because it's always interpretation of results.

post some speed comparison and show that your tool is ruling :-) competition makes the tools better.

Greets,
van Hauser

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Patator - new multi-purpose brute-forcing tool
Grandma,

On Thu, Feb 23, 2012 at 2:52 AM, Grandma Eubanks tborla...@gmail.com wrote:
> Multiprocessing is quite a bit faster than utilizing threads (this should be obvious as threads are GIL locked, while multi-processing can be spread amongst cores with the kernel's scheduler).

That's not always true. If the process is network bound (which seems to be the case with a bruteforce tool), then having multiprocessing will not necessarily increase speed. If the software was well written, it can be very fast and use python threads.

> On Wed, Feb 22, 2012 at 6:51 PM, Nate Theis ntth...@gmail.com wrote:
>> You might look into PyPy for a speed boost: http://pypy.org
>>
>> On Feb 22, 2012 6:43 AM, lanjelot lanje...@gmail.com wrote:
>>> Hello FD,
>>>
>>> Released two months ago, and downloaded a few thousand times since, I wanted to share with you a new multi-purpose brute-forcing tool named Patator (http://code.google.com/p/patator/).
>>>
>>> I am posting here because I would like to get more feedback from people using it, so feel free to fire me an email if you have any queries, or rather use the issues tracker on patator project page.
>>>
>>> To put it bluntly, I just got tired of using Medusa, Hydra, ncrack, metasploit auxiliary modules, nmap NSE scripts and the like because:
>>> - they either do not work or are not reliable (got me false negatives several times in the past)
>>> - they are slow (not multi-threaded or not testing multiple passwords within the same TCP connection)
>>> - they lack very useful features that are easy to code in python (eg. interactive runtime)
>>>
>>> Basically you should give Patator a try once you get disappointed by Medusa, Hydra or other brute-forcing tools and are about to code your own small script because Patator will allow you to:
>>> - Not write the same code over and over, due to its modular design and flexible usage
>>> - Run multi-threaded
>>> - Benefit from useful features such as the interactive runtime commands, automatic response logging, etc.
>>>
>>> Currently Patator supports the following modules :
>>> - ftp_login : Brute-force FTP
>>> - ssh_login : Brute-force SSH
>>> - telnet_login : Brute-force Telnet
>>> - smtp_login : Brute-force SMTP
>>> - smtp_vrfy : Enumerate valid users using the SMTP 'VRFY' command
>>> - smtp_rcpt : Enumerate valid users using the SMTP 'RCPT TO' command
>>> - http_fuzz : Brute-force HTTP/HTTPS
>>> - pop_passd : Brute-force poppassd (not POP3)
>>> - ldap_login : Brute-force LDAP
>>> - smb_login : Brute-force SMB
>>> - mssql_login : Brute-force MSSQL
>>> - oracle_login : Brute-force Oracle
>>> - mysql_login : Brute-force MySQL
>>> - pgsql_login : Brute-force PostgreSQL
>>> - vnc_login : Brute-force VNC
>>> - dns_forward : Forward lookup subdomains
>>> - dns_reverse : Reverse lookup subnets
>>> - snmp_login : Brute-force SNMPv1/2 and SNMPv3
>>> - unzip_pass : Brute-force the password of encrypted ZIP files
>>> - keystore_pass : Brute-force the password of Java keystore files
>>>
>>> The name Patator comes from the famous weapon : http://www.youtube.com/watch?v=xoBkBvnTTjo
>>>
>>> Cheers!

--
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af
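Added example, not part of the original thread: the point made in the replies above, that a network-bound tool spends its time waiting on the wire rather than on the GIL, can be measured without touching any network. The sketch assumes `time.sleep` as a stand-in for one blocking round trip; `LATENCY`, the task counts and all function names are constructed for illustration.

```python
import time
from concurrent.futures import ThreadPoolExecutor

LATENCY = 0.05  # constructed value: simulated round-trip time per request (seconds)


def io_bound_task(_):
    """Stand-in for one blocking network round trip.

    time.sleep releases the GIL while waiting, as a blocking socket
    recv() does, so other threads can run during the wait.
    """
    time.sleep(LATENCY)
    return 1


def cpu_bound_task(n):
    """Pure-Python arithmetic: holds the GIL for the whole computation."""
    total = 0
    for i in range(n):
        total += i * i
    return total


def timed(fn, items, workers):
    """Run fn over items with `workers` threads; return (seconds, results)."""
    start = time.perf_counter()
    if workers == 1:
        results = [fn(x) for x in items]
    else:
        with ThreadPoolExecutor(max_workers=workers) as pool:
            results = list(pool.map(fn, items))
    return time.perf_counter() - start, results


def compare(workers=8, tasks=16, cpu_n=200_000):
    """Speed-up of threads over a sequential loop for both workloads."""
    io_seq, io_r1 = timed(io_bound_task, range(tasks), 1)
    io_thr, io_r2 = timed(io_bound_task, range(tasks), workers)
    cpu_seq, cpu_r1 = timed(cpu_bound_task, [cpu_n] * tasks, 1)
    cpu_thr, cpu_r2 = timed(cpu_bound_task, [cpu_n] * tasks, workers)
    # Concurrency must not change the answers, only the wall-clock time.
    assert io_r1 == io_r2 and cpu_r1 == cpu_r2
    return {
        "io_speedup": io_seq / io_thr,
        "cpu_speedup": cpu_seq / cpu_thr,
    }


if __name__ == "__main__":
    result = compare()
    print("I/O-bound speed-up with threads: %.1fx" % result["io_speedup"])
    print("CPU-bound speed-up with threads: %.1fx" % result["cpu_speedup"])
```

On a standard CPython build with the GIL, the I/O-bound figure approaches the worker count while the CPU-bound figure stays near 1x, which is the distinction the replies draw.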
Re: [Full-disclosure] Patator - new multi-purpose brute-forcing tool
Indeed. It could also be very fast and not use threads at all. But IMO it's much harder to write an efficient multithreaded program in python than in C, at the very least you need a good understanding of the inner workings of the python interpreter.

I find it a bit suspicious in general that a python program can outperform a pure C program just like that. It's not impossible, but I think I'll reserve my judgement on this until some benchmarks are published.

On Thu, Feb 23, 2012 at 1:36 PM, Andres Riancho andres.rian...@gmail.com wrote:
> Grandma,
>
> On Thu, Feb 23, 2012 at 2:52 AM, Grandma Eubanks tborla...@gmail.com wrote:
>> Multiprocessing is quite a bit faster than utilizing threads (this should be obvious as threads are GIL locked, while multi-processing can be spread amongst cores with the kernel's scheduler).
>
> That's not always true. If the process is network bound (which seems to be the case with a bruteforce tool), then having multiprocessing will not necessarily increase speed. If the software was well written, it can be very fast and use python threads.
>
>> On Wed, Feb 22, 2012 at 6:51 PM, Nate Theis ntth...@gmail.com wrote:
>>> You might look into PyPy for a speed boost: http://pypy.org
>>>
>>> On Feb 22, 2012 6:43 AM, lanjelot lanje...@gmail.com wrote:
>>>> Hello FD,
>>>>
>>>> Released two months ago, and downloaded a few thousand times since, I wanted to share with you a new multi-purpose brute-forcing tool named Patator (http://code.google.com/p/patator/).
>>>>
>>>> I am posting here because I would like to get more feedback from people using it, so feel free to fire me an email if you have any queries, or rather use the issues tracker on patator project page.
>>>>
>>>> To put it bluntly, I just got tired of using Medusa, Hydra, ncrack, metasploit auxiliary modules, nmap NSE scripts and the like because:
>>>> - they either do not work or are not reliable (got me false negatives several times in the past)
>>>> - they are slow (not multi-threaded or not testing multiple passwords within the same TCP connection)
>>>> - they lack very useful features that are easy to code in python (eg. interactive runtime)
>>>>
>>>> Basically you should give Patator a try once you get disappointed by Medusa, Hydra or other brute-forcing tools and are about to code your own small script because Patator will allow you to:
>>>> - Not write the same code over and over, due to its modular design and flexible usage
>>>> - Run multi-threaded
>>>> - Benefit from useful features such as the interactive runtime commands, automatic response logging, etc.
>>>>
>>>> Currently Patator supports the following modules :
>>>> - ftp_login : Brute-force FTP
>>>> - ssh_login : Brute-force SSH
>>>> - telnet_login : Brute-force Telnet
>>>> - smtp_login : Brute-force SMTP
>>>> - smtp_vrfy : Enumerate valid users using the SMTP 'VRFY' command
>>>> - smtp_rcpt : Enumerate valid users using the SMTP 'RCPT TO' command
>>>> - http_fuzz : Brute-force HTTP/HTTPS
>>>> - pop_passd : Brute-force poppassd (not POP3)
>>>> - ldap_login : Brute-force LDAP
>>>> - smb_login : Brute-force SMB
>>>> - mssql_login : Brute-force MSSQL
>>>> - oracle_login : Brute-force Oracle
>>>> - mysql_login : Brute-force MySQL
>>>> - pgsql_login : Brute-force PostgreSQL
>>>> - vnc_login : Brute-force VNC
>>>> - dns_forward : Forward lookup subdomains
>>>> - dns_reverse : Reverse lookup subnets
>>>> - snmp_login : Brute-force SNMPv1/2 and SNMPv3
>>>> - unzip_pass : Brute-force the password of encrypted ZIP files
>>>> - keystore_pass : Brute-force the password of Java keystore files
>>>>
>>>> The name Patator comes from the famous weapon : http://www.youtube.com/watch?v=xoBkBvnTTjo
>>>>
>>>> Cheers!
>
> --
> Andrés Riancho
> Director of Web Security at Rapid7 LLC
> Founder at Bonsai Information Security
> Project Leader at w3af

--
“There's a reason we separate military and the police: one fights the enemy of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend to become the people.”
Re: [Full-disclosure] Patator - new multi-purpose brute-forcing tool
That could be. I've done testing with Python with multi-threads and multi-processing and have gotten a couple hundred more over HTTP than I have on managing threads (not to mention how much easier it was). However, this also needed to handle much more data and parse the responses for validation before continuing, as you said not over network login (I assume lan here). So perhaps that was my issue with the multi-threaded.

http://code.google.com/p/http-brute

The speed also was an issue. At that speed the amount of threads were not able to complete at points in time, causing them to be repeated. But when I spanned cores it no longer became an issue. But as you said, this could've been just how I was managing the threads.

On Thu, Feb 23, 2012 at 8:18 AM, van Hauser v...@thc.org wrote:
> Hi folks,
>
> as the programmer of hydra, some comments on this ...
>
> On 23.02.2012 06:52, Grandma Eubanks wrote:
>> Multiprocessing is quite a bit faster than utilizing threads (this should be obvious as threads are GIL locked, while multi-processing can be spread amongst cores with the kernel's scheduler).
>
> yes, multiprocessing is faster than threads, and threads used intelligently are faster than forking - but ... for network login hacking that is not the bottleneck and it's not where optimization helps anything.
>
> the secret of being fast is how you balance the connections to the network services and skipping parts of the protocols which are not essential. that's why hydra is the fastest one out there (own biased testing ;-) http://thc.org/thc-hydra/network_password_cracker_comparison.html ) although it uses forking. go figure.
>
> hydra got more stable and faster when I rewrote the balancing engine in v7, the v7.2 is now the fastest and is very stable.
>
> (why forking? because when it was written the goal was to be able to run on any platform, even on esoteric platforms like ultrix 4, MVS openedition etc. - and it did. In today's monocultures that's a less useful feature, I agree)
>
> On Feb 22, 2012 6:43 AM, lanjelot lanje...@gmail.com wrote:
>> To put it bluntly, I just got tired of using Medusa, Hydra, ncrack, metasploit auxiliary modules, nmap NSE scripts and the like because:
>> - they either do not work or are not reliable (got me false negatives several times in the past)
>> - they are slow (not multi-threaded or not testing multiple passwords within the same TCP connection)
>
> have you read the code of the named tools? hydra does multiple password attempts in the connection if the protocol supports it - the competitors do so too I'd guess, medusa and ncrack use threading or parallel socketing - and rgw false negatives/positives ... you will have them too, because it's always interpretation of results.
>
> post some speed comparison and show that your tool is ruling :-) competition makes the tools better.
>
> Greets,
> van Hauser
[Full-disclosure] Patator - new multi-purpose brute-forcing tool
Hello FD,

Released two months ago, and downloaded a few thousand times since, I wanted to share with you a new multi-purpose brute-forcing tool named Patator (http://code.google.com/p/patator/).

I am posting here because I would like to get more feedback from people using it, so feel free to fire me an email if you have any queries, or rather use the issues tracker on patator project page.

To put it bluntly, I just got tired of using Medusa, Hydra, ncrack, metasploit auxiliary modules, nmap NSE scripts and the like because:
- they either do not work or are not reliable (got me false negatives several times in the past)
- they are slow (not multi-threaded or not testing multiple passwords within the same TCP connection)
- they lack very useful features that are easy to code in python (eg. interactive runtime)

Basically you should give Patator a try once you get disappointed by Medusa, Hydra or other brute-forcing tools and are about to code your own small script because Patator will allow you to:
- Not write the same code over and over, due to its modular design and flexible usage
- Run multi-threaded
- Benefit from useful features such as the interactive runtime commands, automatic response logging, etc.

Currently Patator supports the following modules :
- ftp_login : Brute-force FTP
- ssh_login : Brute-force SSH
- telnet_login : Brute-force Telnet
- smtp_login : Brute-force SMTP
- smtp_vrfy : Enumerate valid users using the SMTP 'VRFY' command
- smtp_rcpt : Enumerate valid users using the SMTP 'RCPT TO' command
- http_fuzz : Brute-force HTTP/HTTPS
- pop_passd : Brute-force poppassd (not POP3)
- ldap_login : Brute-force LDAP
- smb_login : Brute-force SMB
- mssql_login : Brute-force MSSQL
- oracle_login : Brute-force Oracle
- mysql_login : Brute-force MySQL
- pgsql_login : Brute-force PostgreSQL
- vnc_login : Brute-force VNC
- dns_forward : Forward lookup subdomains
- dns_reverse : Reverse lookup subnets
- snmp_login : Brute-force SNMPv1/2 and SNMPv3
- unzip_pass : Brute-force the password of encrypted ZIP files
- keystore_pass : Brute-force the password of Java keystore files

The name Patator comes from the famous weapon : http://www.youtube.com/watch?v=xoBkBvnTTjo

Cheers!
Re: [Full-disclosure] Patator - new multi-purpose brute-forcing tool
You might look into PyPy for a speed boost: http://pypy.org

On Feb 22, 2012 6:43 AM, lanjelot lanje...@gmail.com wrote:
> Hello FD,
>
> Released two months ago, and downloaded a few thousand times since, I wanted to share with you a new multi-purpose brute-forcing tool named Patator (http://code.google.com/p/patator/).
>
> I am posting here because I would like to get more feedback from people using it, so feel free to fire me an email if you have any queries, or rather use the issues tracker on patator project page.
>
> To put it bluntly, I just got tired of using Medusa, Hydra, ncrack, metasploit auxiliary modules, nmap NSE scripts and the like because:
> - they either do not work or are not reliable (got me false negatives several times in the past)
> - they are slow (not multi-threaded or not testing multiple passwords within the same TCP connection)
> - they lack very useful features that are easy to code in python (eg. interactive runtime)
>
> Basically you should give Patator a try once you get disappointed by Medusa, Hydra or other brute-forcing tools and are about to code your own small script because Patator will allow you to:
> - Not write the same code over and over, due to its modular design and flexible usage
> - Run multi-threaded
> - Benefit from useful features such as the interactive runtime commands, automatic response logging, etc.
>
> Currently Patator supports the following modules :
> - ftp_login : Brute-force FTP
> - ssh_login : Brute-force SSH
> - telnet_login : Brute-force Telnet
> - smtp_login : Brute-force SMTP
> - smtp_vrfy : Enumerate valid users using the SMTP 'VRFY' command
> - smtp_rcpt : Enumerate valid users using the SMTP 'RCPT TO' command
> - http_fuzz : Brute-force HTTP/HTTPS
> - pop_passd : Brute-force poppassd (not POP3)
> - ldap_login : Brute-force LDAP
> - smb_login : Brute-force SMB
> - mssql_login : Brute-force MSSQL
> - oracle_login : Brute-force Oracle
> - mysql_login : Brute-force MySQL
> - pgsql_login : Brute-force PostgreSQL
> - vnc_login : Brute-force VNC
> - dns_forward : Forward lookup subdomains
> - dns_reverse : Reverse lookup subnets
> - snmp_login : Brute-force SNMPv1/2 and SNMPv3
> - unzip_pass : Brute-force the password of encrypted ZIP files
> - keystore_pass : Brute-force the password of Java keystore files
>
> The name Patator comes from the famous weapon : http://www.youtube.com/watch?v=xoBkBvnTTjo
>
> Cheers!
Re: [Full-disclosure] Patator - new multi-purpose brute-forcing tool
Multiprocessing is quite a bit faster than utilizing threads (this should be obvious as threads are GIL locked, while multi-processing can be spread amongst cores with the kernel's scheduler).

On Wed, Feb 22, 2012 at 6:51 PM, Nate Theis ntth...@gmail.com wrote:
> You might look into PyPy for a speed boost: http://pypy.org
>
> On Feb 22, 2012 6:43 AM, lanjelot lanje...@gmail.com wrote:
>> Hello FD,
>>
>> Released two months ago, and downloaded a few thousand times since, I wanted to share with you a new multi-purpose brute-forcing tool named Patator (http://code.google.com/p/patator/).
>>
>> I am posting here because I would like to get more feedback from people using it, so feel free to fire me an email if you have any queries, or rather use the issues tracker on patator project page.
>>
>> To put it bluntly, I just got tired of using Medusa, Hydra, ncrack, metasploit auxiliary modules, nmap NSE scripts and the like because:
>> - they either do not work or are not reliable (got me false negatives several times in the past)
>> - they are slow (not multi-threaded or not testing multiple passwords within the same TCP connection)
>> - they lack very useful features that are easy to code in python (eg. interactive runtime)
>>
>> Basically you should give Patator a try once you get disappointed by Medusa, Hydra or other brute-forcing tools and are about to code your own small script because Patator will allow you to:
>> - Not write the same code over and over, due to its modular design and flexible usage
>> - Run multi-threaded
>> - Benefit from useful features such as the interactive runtime commands, automatic response logging, etc.
>>
>> Currently Patator supports the following modules :
>> - ftp_login : Brute-force FTP
>> - ssh_login : Brute-force SSH
>> - telnet_login : Brute-force Telnet
>> - smtp_login : Brute-force SMTP
>> - smtp_vrfy : Enumerate valid users using the SMTP 'VRFY' command
>> - smtp_rcpt : Enumerate valid users using the SMTP 'RCPT TO' command
>> - http_fuzz : Brute-force HTTP/HTTPS
>> - pop_passd : Brute-force poppassd (not POP3)
>> - ldap_login : Brute-force LDAP
>> - smb_login : Brute-force SMB
>> - mssql_login : Brute-force MSSQL
>> - oracle_login : Brute-force Oracle
>> - mysql_login : Brute-force MySQL
>> - pgsql_login : Brute-force PostgreSQL
>> - vnc_login : Brute-force VNC
>> - dns_forward : Forward lookup subdomains
>> - dns_reverse : Reverse lookup subnets
>> - snmp_login : Brute-force SNMPv1/2 and SNMPv3
>> - unzip_pass : Brute-force the password of encrypted ZIP files
>> - keystore_pass : Brute-force the password of Java keystore files
>>
>> The name Patator comes from the famous weapon : http://www.youtube.com/watch?v=xoBkBvnTTjo
>>
>> Cheers!