Spotting Aggressive Clandestine BotNets


 
Old 04-09-2017

"Yesterday was making a typical “evening run” in cyberspace and noticed a strange pattern, zoomed in, and found an aggressive clandestine “indexing” botnet operating out of a dedicated hosting provider’s datacenter. The feature image in this post shows a screen capture of this visual. I’m finding spotting clandestine botnets easier than before I designed and coded this cyberspace SA visualization tool."

Cyberspace engineers, read the full post here...

PSK-CRACK(1)						      General Commands Manual						      PSK-CRACK(1)

NAME
       psk-crack - Crack IKE Aggressive Mode Pre-Shared Keys

SYNOPSIS
       psk-crack [options] <psk-parameters-file>

       <psk-parameters-file> is a file containing the parameters for the
       pre-shared key cracking process in the format generated by ike-scan
       with the --pskcrack (-P) option. This file can contain one or more
       entries. For multiple entries, each one must be on a separate line.

       The program can crack either MD5 or SHA1-based hashes. The type of
       hash is automatically determined from the length of the hash (16 bytes
       for MD5 or 20 bytes for SHA1). Each entry in the <psk-parameters-file>
       is handled separately, so it is possible to crack a mixture of MD5 and
       SHA1 hashes.

       psk-crack can also crack the proprietary hash format used by Nortel
       Contivity / VPN Router systems. When cracking Nortel format hashes,
       you need to specify the username of the hash that you are cracking
       with the --norteluser (-u) option. When cracking Nortel format hashes,
       you can only crack one hash at a time.

       By default, psk-crack will perform dictionary cracking using the
       default dictionary. The dictionary can be changed with the
       --dictionary (-d) option, or brute-force cracking can be selected with
       the --bruteforce (-B) option.

DESCRIPTION
       psk-crack attempts to crack IKE Aggressive Mode pre-shared keys that
       have previously been gathered using ike-scan with the --pskcrack
       option.

       psk-crack can operate in two different modes:

       1) Dictionary cracking mode: this is the default mode in which
          psk-crack tries each candidate word from the dictionary file in
          turn until it finds a match, or all the words in the dictionary
          have been tried.

       2) Brute-force cracking mode: in this mode, psk-crack tries all
          possible combinations of a specified character set up to a given
          length.

OPTIONS
       --help or -h
              Display this usage message and exit.

       --version or -V
              Display program version and exit.

       --verbose or -v
              Display verbose progress messages.

       --dictionary=<f> or -d <f>
              Set dictionary file to <f>. The default is
              /usr/local/share/ike-scan/psk-crack-dictionary.

       --norteluser=<u> or -u <u>
              Specify the username for Nortel Contivity cracking. This option
              is required when cracking pre-shared keys on Nortel Contivity /
              VPN Router systems. These systems use a proprietary method to
              calculate the hash that includes the username. This option is
              only needed when cracking Nortel format hashes, and should not
              be used for standard format hashes.

       --bruteforce=<n> or -B <n>
              Select bruteforce cracking up to <n> characters.

       --charset=<s> or -c <s>
              Set bruteforce character set to <s>.
              Default is "0123456789abcdefghijklmnopqrstuvwxyz"

AUTHOR
       Roy Hills <Roy.Hills@nta-monitor.com>

                               February 14, 2005                  PSK-CRACK(1)