Friday, December 18, 2009

Tool - Wordpress Bruteforcer (WP_BruteForcer.exe)

Wordpress Brute Force Tool

Hoho, Christmas is around the corner and here is my Christmas gift that I would like to share with others. This is a brute-forcing tool that targets the WordPress web application.

Here is a demo of how to use the tool to break a WordPress password:

Figure 1: WP_BruteForcer usage
Figure 2: Brute-forcing the WordPress application
Figure 3: Password cracking
Figure 4: Target website (a dummy one ;))
Figure 5: Ready to crack the website
Figure 6: Owned!!!

Note:

It would be a good idea to run the tool on the Windows platform. A Wine environment can be used as well, but the tool is not stable there for some reason (I didn't investigate further in this case ;))
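As an added, defender-side example (it is not part of the original post and not the tool's own code): a small Python detector that scans web-server access-log lines for the burst of POST requests to /wp-login.php that a brute-force run like the one in the figures produces. The log lines below are constructed, not captured from the tool. It assumes the Apache combined log format, and that WordPress answers a failed login with a 200 (the form is re-rendered) and a successful login with a 302 redirect, so a 302 from a source that has already been flagged is the event worth escalating.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Apache/nginx "combined" format; only the fields the detector needs are captured.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def parse_line(line: str):
    """Return (ip, timestamp, method, path, status), or None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"].split("?")[0], int(m["status"])


def detect_login_bursts(lines, threshold=10, window=timedelta(seconds=60),
                        login_path="/wp-login.php"):
    """Flag any source IP that POSTs to the login page `threshold` times within
    `window` (sliding), and record whether a 302 (successful login) followed."""
    recent = defaultdict(deque)   # ip -> timestamps of POSTs still inside the window
    totals = Counter()            # ip -> all login POSTs seen
    alerts = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, method, path, status = parsed
        if method != "POST" or path != login_path:
            continue
        totals[ip] += 1
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop attempts that fell out of the window
            q.popleft()
        if ip in alerts:
            alerts[ip]["attempts"] = totals[ip]
            if status == 302:
                alerts[ip]["success_after_burst"] = True
        elif len(q) >= threshold:
            alerts[ip] = {
                "attempts": totals[ip],
                "first_alert_at": ts.isoformat(),
                "success_after_burst": status == 302,
            }
    return alerts


def build_sample_log():
    """Constructed sample: one source hammering the login form (12 failures in
    22 seconds, then a redirect), and one ordinary user logging in once."""
    lines = [
        f'203.0.113.7 - - [18/Dec/2009:10:00:{i * 2:02d} +0800] '
        f'"POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/4.0 (constructed)"'
        for i in range(12)
    ]
    lines.append('203.0.113.7 - - [18/Dec/2009:10:00:30 +0800] '
                 '"POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/4.0 (constructed)"')
    lines.append('198.51.100.4 - - [18/Dec/2009:10:05:00 +0800] '
                 '"GET /wp-login.php HTTP/1.1" 200 2100 "-" "Mozilla/5.0 (constructed)"')
    lines.append('198.51.100.4 - - [18/Dec/2009:10:05:09 +0800] '
                 '"POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0 (constructed)"')
    return lines


if __name__ == "__main__":
    for ip, info in detect_login_bursts(build_sample_log()).items():
        print(ip, info)
```

The threshold and window are the tuning knobs: a wordlist run produces far more than ten login POSTs a minute from one address, while a human who mistypes a password does not. On the mitigation side the same signal can drive a temporary lockout or a rate limit on POSTs to wp-login.php at the web server, which removes most of the value of a tool like this one.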

Download Link

http://www.4shared.com/file/175981151/3f124165/WP_BruteForcer_final.html

~Signing off
@x9090

Thursday, September 24, 2009

"Sorry, this database has been created by a pirate version of IDA Pro"


Patching ida.wll


Target: IDA Pro Version 5.2.0.911 & Version 5.5

Some of you might have encountered this error message before when trying to open an idb (IDA database) file. It only happens if the idb was created by a pirated copy of IDA Pro, as in the screenshot below:

Someone on exetools.com has posted the patch, but it is only available to registered members. Based on the description there, it is actually not hard to patch out the pirated message.

The steps are fairly easy:

  1. Find ida.wll in your IDA installation directory and load it with IDA
  2. Find the text string "Sorry, this database has been created by a pirate version of IDA Pro" using Shift+F12 (Strings tab)
  3. Press Enter to jump to the data section
  4. You should see the aSorryThisDatab item, which is already defined with the above string
  5. Put your cursor on the item and press x (cross references) to jump to the code that uses this data
  6. You should now land on code which looks like this:

  7. Notice the jz before "call sub_10039660"; double-click to enter the sub_10039660 function
  8. You can see the three exported functions MD5Init, MD5Update and MD5Final
  9. Go to the part near the retn instruction
  10. Take note of how EAX is updated, because this register determines whether the hash is equal or not; it is returned to the previous function, which does the comparison with "test al, al"
  11. From the figure above, we know that we can avoid the pirated message if EAX is zero. So we can patch "mov al, 1" to something that gives us EAX=0, e.g. "xor eax, eax" ;)
  12. Using any hex editor you prefer, jump to this address and make the modification. Done!!!

Download: ida.wll.patched


Reference

Datarescue IDA pirated .idb database -- http://forum.exetools.com/showthread.php?t=12087

~Signing off
@x9090

Monday, September 14, 2009

Ollyscript Tutorial - Unpack ASPack

ASPack is actually similar to UPX.

PEiD identifies the packed file as: ASPack 2.12 -> Alexey Solodovnikov
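As an added example (mine, not the author's and not PEiD's own code): a Python script that inspects a PE for the layout ASPack leaves behind, which is what a packer identifier keys on before you reach for the unpacking script. It assumes ASPack's usual section names .aspack and .adata, an entry point that sits inside the stub section, and a high-entropy (compressed) original code section; the PE image it inspects is constructed in memory here and is not a real binary.

```python
import math
import random
import struct

# Section names ASPack is known to add to the executables it packs.
ASPACK_SECTION_NAMES = {".aspack", ".adata"}
HIGH_ENTROPY = 7.0  # bits per byte; compressed or encrypted data sits close to 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_pe(pe: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> section table and return
    the entry-point RVA plus one dict per section (works for PE32 and PE32+)."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsect, _ts, _symtab, _nsyms, opt_size, _flags = struct.unpack_from("<HHIIIHH", pe, coff)
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]  # AddressOfEntryPoint (same offset in PE32/PE32+)
    sections = []
    for i in range(nsect):
        name, vsize, vaddr, rawsize, rawptr, _r, _l, _nr, _nl, chars = struct.unpack_from(
            "<8sIIIIIIHHI", pe, opt + opt_size + 40 * i)
        raw = pe[rawptr:rawptr + rawsize] if rawsize else b""
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vaddr": vaddr, "vsize": vsize, "rawsize": rawsize,
                         "entropy": shannon_entropy(raw), "characteristics": chars})
    return {"entry_rva": entry_rva, "sections": sections}


def analyze_packing(pe: bytes) -> dict:
    """Report the ASPack indicators: its section names, the entry point inside
    the stub section, and high-entropy (compressed) sections."""
    info = parse_pe(pe)
    entry = info["entry_rva"]
    entry_section = next((s["name"] for s in info["sections"]
                          if s["vaddr"] <= entry < s["vaddr"] + max(s["vsize"], s["rawsize"])), None)
    aspack = [s["name"] for s in info["sections"] if s["name"] in ASPACK_SECTION_NAMES]
    high = [s["name"] for s in info["sections"] if s["entropy"] >= HIGH_ENTROPY]
    return {"aspack_sections": aspack, "entry_section": entry_section,
            "high_entropy_sections": high,
            "likely_aspack": bool(aspack) and entry_section in ASPACK_SECTION_NAMES}


def build_sample_pe(packed: bool = True) -> bytes:
    """Constructed minimal PE32 image (not a real program): with packed=True the
    section layout mimics ASPack output, otherwise a plain two-section binary."""
    rng = random.Random(0x9090)
    if packed:
        layout = [  # (name, RVA, virtual size, raw bytes, characteristics)
            (b".text", 0x1000, 0x1000, bytes(rng.getrandbits(8) for _ in range(0x800)), 0x60000020),
            (b".aspack", 0x2000, 0x1000, bytes(range(32)) * 16, 0xC0000040),
            (b".adata", 0x3000, 0x1000, b"", 0xC0000040),
        ]
        entry_rva = 0x2001  # entry point inside the packer stub
    else:
        layout = [(b".text", 0x1000, 0x1000, b"\x55\x8b\xec\xc3" * 0x200, 0x60000020),
                  (b".data", 0x2000, 0x1000, b"\x00" * 0x200, 0xC0000040)]
        entry_rva = 0x1000
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew -> PE signature at 0x40
    opt = bytearray(0xE0)                              # PE32 optional header, mostly zero
    struct.pack_into("<H", opt, 0, 0x10B)              # Magic = PE32
    struct.pack_into("<I", opt, 16, entry_rva)         # AddressOfEntryPoint
    coff = struct.pack("<HHIIIHH", 0x14C, len(layout), 0, 0, 0, len(opt), 0x102)
    table, body, raw_ptr = b"", b"", 0x200
    for name, vaddr, vsize, raw, chars in layout:
        table += struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, len(raw),
                             raw_ptr if raw else 0, 0, 0, 0, 0, chars)
        padded = raw + b"\0" * (-len(raw) % 0x200)     # file alignment 0x200
        body += padded
        raw_ptr += len(padded)
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table
    return headers + b"\0" * (0x200 - len(headers)) + body


if __name__ == "__main__":
    for label, image in (("aspack-like", build_sample_pe(True)), ("plain", build_sample_pe(False))):
        print(label, analyze_packing(image))
```

Section names alone are a weak signal (they can be renamed), so the script combines them with where the entry point lands and with the entropy of the original code section; a packed .text reads as near-random because it is compressed, which is also why there is nothing useful to disassemble before the stub has run.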

The script
-----------

var hwBP                // local variable that will hold the breakpoint address

mov hwBP, esp           // ESP trick: the stub saves the registers with PUSHAD at its entry and
                        // restores them with POPAD right before handing control to the OEP,
                        // so the stack slot ESP points at now will be read again at that POPAD
bphws hwBP, "r"         // hardware breakpoint on read access at that address
run                     // run until the POPAD reads the saved registers and the breakpoint fires
rtr                     // execute till return (the RET that transfers control to the OEP)
sto                     // step over it (F8): EIP now sits on the OEP
msg "OEP found"
cmt eip, "<<<<>>>>"     // mark the OEP with a comment
ret                     // end of script

Download: Notepad.exe packed with ASPack

Signing off
~x9090