Never Ending Security

It starts all here

Tag Archives: Crowbar

Crowbar – a brute forcing tool that can be used during penetration tests.

Leave a comment Posted by on 13 April 2015

Crowbar – New generation web application brute force attack

Crowbar was developed to brute force some protocols in a different manner then other ‘popular’ brute forcing tools. As an example, while most brute forcing tools use username and password for SSH brute forcing, Crowbar uses SSH keys.

Currently Crowbar supports

  • OpenVPN
  • SSH private key authentication
  • VNC key authentication
  • Remote Desktop Protocol (RDP) with NLA support

Installation

First you shoud install dependencies

 # apt-get install openvpn freerdp-x11 vncviewer

Then get latest version from github

 # git clone https://github.com/galkan/crowbar

Usage

  • -h: Shows help menu.
  • -b: Target service. Crowbar now supports vnckey, openvpn, sshkey, rdp.
  • -s: Target ip address.
  • -S: File name which is stores target ip address.
  • -u: Username.
  • -U: File name which stores username list.
  • -n: Thread count.
  • -l: File name which stores log. Deafault file name is crwobar.log which is located in your current directory
  • -o: Output file name which stores the successfully attempt.
  • -c: Password.
  • -C: File name which stores passwords list.
  • -t: Timeout value.
  • -p: Port number
  • -k: Key file full path.
  • -m: Openvpn configuration file path
  • -d: Run nmap in order to discover whether the target port is open or not. So that you can easily brute to target using crowbar.
  • -v: Verbose mode which is shows all the attempts including fail.

crowbar documentation

Examples:

Brute forcing RDP

RDP brute force attempt to a single IP address using a single username and a single password:

crowbar.py -b rdp -s 192.168.2.182/32 -u admin -c Aa123456

Brute forcing SSH

SSH key brute force attempt to a single IP address using a single username and a ssh key:

crowbar.py -b sshkey -s 192.168.2.105/32 -u root -k /root/.ssh/id_rsa

Brute forcing VNC server

VNC brute force attempt to a single IP address using a passwd file with specified port number:

crowbar.py -b vnckey -s 192.168.2.105/32 -p 5902 -k /root/.vnc/passwd

Brute forcing OpenVPN

VPN brute force attempt to a single IP address using a configuration file, a certificate file, a single username and a sindle password with specified port number:

crowbar.py -b openvpn -s 198.7.62.204/32 -p 443 -m /root/Desktop/vpnbook.ovpn -k /root/Desktop/vpnbook_ca.crt -u vpnbook -c cr2hudaF

More information can be found at: https://github.com/galkan/crowbar and at: http://research.sensepost.com/cms/resources/tools/web/j-baah/crowbar0861.pdf

Guides and Tutorials, Offensive, Penetration Testing, Web Apps