*****************************************************************************
UnSecure
ver 1.2
Copyright (c) 1998 SniperX, All rights reserved
For news and updates visit www.SniperX.net
*****************************************************************************
Contents:
1. Introduction
2. Using UnSecure
a. Basic Information
b. Interface
c. Attack Methods
3. Technicalities and Theory
4. Contact Info
*****************************************************************************
Check at www.sniperx.net for updates on docs and such.
1. Introduction
Most people believe the Internet is secure and near impossible to break into. Since we know
differently, we decided to provide means for everyone to experiment with the Internet's
Security. Through UnSecure, the world will gain a better idea on whether or not they're safe.
UnSecure is a Brute Forcing program to exploit flaws with the worlds current Internet
Security. This program is able to try every possible password combination, and pinpoint the
users password. UnSecure can currently break into most Windows 95/98, Windows NT,
Mac, Unix and other OS servers with or without a firewall. Some people say the time to
Brute Force a server can take years. This is not true considering the way
hardware is being sped up.
Unfortunately we also both know that the average users password is 6
lowercase characters.
2. Using UnSecure - Click connect to start!
2a. Basic Information
UnSecure is primarily meant to be used over a network connection,
yet is able to work with a modem connection as well. On a Pentium 233,
UnSecure will go through a 37,000 word dictionary in under 5 minutes when
attacking locally. UnSecure will run over a modem, but not nearly as fast
as over a LAN.
NOTE : More than one instance of UnSecure will run at a time, without
slowing down the other instance(s) a great deal. Although there is not
an existing feature to do so automatically, you may run this program
more than once on the same host, at the same time, starting on different
password combinations. UnSecure is not cpu intensive.
2b. Interface
Examples :
The computer name or IP : ftp.xxxxxxxxx.com or mail.xxxxxxxxx.com or x.x.x.x
Port : 110 for most mail servers. 21 for most ftp servers.
Username : The name of the user that you wish to pose as.
Password : You can leave this the way it is.
Reconnect: Some servers will disconnect you if you make x number of incorrect
tries. The reconnect option tells UnSecure to automatically reconnect
if the remote host does disconnect you.
Autosave : This option, when enabled, auto saves your session (all current info.)
as a file called autosave.uns.
*NOTE* You CAN save a session while attacking.
2c. Attack Method
UnSecure uses two methods to accomplish its task. A dictionary attack, and a brute
force attack. A dictionary attack meaning you have a file containing all of the words
and combinations you choose, seperated by spaces or crlf's (carrage return/
linefeed's) to use as guesses.
The brute force method will allow you to try all possible password
combinations using the characters you specify (a-z, A-Z, 0-9, and special).
You may also use a custom character set.
Custom brute force characters : A character set you make up... ex : if you put
ab3... It will try all combinations with the characters a, b and 3.
3. Technicalities and Theory
This idea is based on a well known attack, but has never been exploited like this. Never has
there been a program that allowed anyone to practice this kind of attack.
The program should have a fairly decent client computer, on which UnSecure is running.
The bandwidth is the main slowdown. UnSecure has a far greater potential than what has been
described here. For our examples, we used Pentium 233's. Imagine the speed difference if the
client and host were Pentium II 400Mhz's on a 100Mbit connection.
4. Contact Info
From now on, please only contact the following addresses.
guns@sniperx.net
unsecure@sniperx.net
www.sniperx.net
Greets go to :
The L0pht
MilW0rm
All the Kevins
And, our favorite...
Bill!
This program is deticated to the U.S. goverment and all the others
who just don't get it.