SlideShare a Scribd company logo

Cutting accounts down to scythe

Chris John Riley
Chris John Riley

BruCON 2012 (Lightning Talk) Ghent, Belgium (27th Sept. 2012) Cutting accounts down to scythe! ---------- Abstract: ---------- Scythe is a framework for user/account enumeration. It is designed to allow users to easily extend and add new modules as required for POC attacks during penetration tests. The framework offers the ability to check a list of user accounts/email addresses against a given website to see which accounts are valid. Advanced features include cookie and CSRF token support, as well as error detection and timeout/retry functions. Currently in beta, available from gi

Technology
1 of 38
Cutting accounts down to SCYTHE! Chris John Riley
“THE WISEST MAN, IS HE WHO KNOWS, THAT HE KNOWS NOTHING” SOCRATES: APOLOGY, 21D
NOT AN EXPERT!
1) What 2) Why 3) How 4) Q’s
WHAT?
FRAMEWORK FOR USER ENUMERATION
What Written in Python Threaded Modular Description files (XML) Easy to use Hopefully!
WHY?
BECAUSE PENETRATION TESTERS ARE…
Why Speed up account enumeration  POC Examples Offer advanced features  Cookie support  CSRF token collection  Wait / Retries  Threading
HOW?
IT ALL STARTS WITH A MODULE
BASIC
Basic module <module> <site> <name>basic module</name> <url> <![CDATA[https://example.com/signup_check/ username=<ACCOUNT>]]> </url> <method>GET</method> <successmatch>taken</successmatch> </site> </module>
ADVANCED
<!-- Wordpress.com - Logon user enumeration issue --> <module> <site> <name>Wordpress.com</name> <url><![CDATA[https://wordpress.com/wp-login.php]]></url> <method>POST</method> <postParameters> <![CDATA [log=<ACCOUNT>&pwd=<RANDOM>redirect_to=http://wordpress.com]]> </postParameters> <headers></headers> <requestCookie>False</requestCookie> <requestCSRF>False</requestCSRF> <successmatch>The password you entered for the email or user</successmatch> <negativematch>Invalid email or username</negativematch> <errormatch>You have exceeded the login limit</errormatch> <date>13/09/2012</date> <version>2</version> <author>CJR</author> <category>blogs</category> </site> </module>
<!-- Wordpress.com - Logon user enumeration issue --> <module> <site> <name>Wordpress.com</name> <url><![CDATA[https://wordpress.com/wp-login.php]]></url> <method>POST</method> <postParameters> <![CDATA [log=<ACCOUNT>&pwd=<RANDOM>redirect_to=http://wordpress.com]]> </postParameters> <headers></headers> <requestCookie>False</requestCookie> <requestCSRF>False</requestCSRF> <successmatch>The password you entered for the email or user</successmatch> <negativematch>Invalid email or username</negativematch> <errormatch>You have exceeded the login limit</errormatch> <date>13/09/2012</date> <version>2</version> <author>CJR</author> <category>blogs</category> </site> </module>
<!-- Wordpress.com - Logon user enumeration issue --> <module> <site> <name>Wordpress.com</name> <url><![CDATA[https://wordpress.com/wp- login.php]]></url> <method>POST</method> <postParameters> <![CDATA [log=<ACCOUNT>&pwd=<RANDOM>redirect_to= http://wordpress.com]]> </postParameters>
<headers></headers> <requestCookie>False</requestCookie> <requestCSRF>False</requestCSRF> <successmatch>The password you entered for the email or user</successmatch> <negativematch>Invalid email or username</negativematch> <errormatch>You have exceeded the login limit</errormatch> <date>13/09/2012</date> <version>2</version> <author>CJR</author> <category>blogs</category> </site> </module>
ADD A LIST OF USERNAMES / EMAILS
# usernames/email 1 per line test testuser testuser2 testtest devuser … or just -–account=test,test2,…
MIX AND LEAVE TO RUN FOR A FEW MINUTES
How  XML contains replacement points  <ACCOUNT>  <RANDOM>  <CSRFTOKEN>  These are used to create testcases
GOALS
Goals  Flexible Running  Single module (targeted)  --single wordpress.com  Category of modules  --category=blogs  Single account  --account=test  Filename containing accounts  --accountfile=accounts.txt
Goals  Flexible Handling  Error detection  Retry on error (<errorcode>)  -- retries and --retrytime  Handles cookies and CSRF tokens  <CSRF_URL>  <CSRF_regex> to extract token  Insert into request using <CSRFTOKEN>
Goals  Flexible Output  Verbose output  Detailed request info  Output success to file  Summary at completion  Debug mode  Stores body and headers for each request
GITHUB.COM/CHRISJOHNRILEY/SCYTHE
Questions?
GO FORTH AND ENUMERATE ALL THE THINGS!
Thanks for coming http://c22.cc contact@c22.cc

Recommended

Dev traning 2016 intro to the web
Dev traning 2016 intro to the webDev traning 2016 intro to the web
Dev traning 2016 intro to the webSacheen Dhanjie
 
WordPress SugarCRM Customer Portal Pro Plugin
WordPress SugarCRM Customer Portal Pro PluginWordPress SugarCRM Customer Portal Pro Plugin
WordPress SugarCRM Customer Portal Pro PluginBiztech Store
 
Cookies
CookiesCookies
CookiesRamraj Choudhary
 
Latest Java Setting for MCA Portal(MANUAL)
Latest Java Setting for MCA Portal(MANUAL)Latest Java Setting for MCA Portal(MANUAL)
Latest Java Setting for MCA Portal(MANUAL)GAURAV KR SHARMA
 
Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Sudhanshu Chauhan
 
Defense by numbers: Making problems for script kiddies
Defense by numbers: Making problems for script kiddiesDefense by numbers: Making problems for script kiddies
Defense by numbers: Making problems for script kiddiesChris John Riley
 
Defense by numbers: Making Problems for Script Kiddies and Scanner Monkeys
Defense by numbers: Making Problems for Script Kiddies and Scanner MonkeysDefense by numbers: Making Problems for Script Kiddies and Scanner Monkeys
Defense by numbers: Making Problems for Script Kiddies and Scanner MonkeysChris John Riley
 
Social Media Monitoring tools as an OSINT platform for intelligence
Social Media Monitoring tools as an OSINT platform for intelligenceSocial Media Monitoring tools as an OSINT platform for intelligence
Social Media Monitoring tools as an OSINT platform for intelligenceE Hacking
 

Recommended

Dev traning 2016 intro to the web
Dev traning 2016 intro to the webDev traning 2016 intro to the web
Dev traning 2016 intro to the webSacheen Dhanjie
 
WordPress SugarCRM Customer Portal Pro Plugin
WordPress SugarCRM Customer Portal Pro PluginWordPress SugarCRM Customer Portal Pro Plugin
WordPress SugarCRM Customer Portal Pro PluginBiztech Store
 
Cookies
CookiesCookies
CookiesRamraj Choudhary
 
Latest Java Setting for MCA Portal(MANUAL)
Latest Java Setting for MCA Portal(MANUAL)Latest Java Setting for MCA Portal(MANUAL)
Latest Java Setting for MCA Portal(MANUAL)GAURAV KR SHARMA
 
Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Sudhanshu Chauhan
 
Defense by numbers: Making problems for script kiddies
Defense by numbers: Making problems for script kiddiesDefense by numbers: Making problems for script kiddies
Defense by numbers: Making problems for script kiddiesChris John Riley
 
Defense by numbers: Making Problems for Script Kiddies and Scanner Monkeys
Defense by numbers: Making Problems for Script Kiddies and Scanner MonkeysDefense by numbers: Making Problems for Script Kiddies and Scanner Monkeys
Defense by numbers: Making Problems for Script Kiddies and Scanner MonkeysChris John Riley
 
Social Media Monitoring tools as an OSINT platform for intelligence
Social Media Monitoring tools as an OSINT platform for intelligenceSocial Media Monitoring tools as an OSINT platform for intelligence
Social Media Monitoring tools as an OSINT platform for intelligenceE Hacking
 
C# Advanced L09-HTML5+ASP
C# Advanced L09-HTML5+ASPC# Advanced L09-HTML5+ASP
C# Advanced L09-HTML5+ASPMohammad Shaker
 
Sessions n cookies
Sessions n cookiesSessions n cookies
Sessions n cookiesbaabtra.com - No. 1 supplier of quality freshers
 
Your Custom WordPress Admin Pages Suck
Your Custom WordPress Admin Pages SuckYour Custom WordPress Admin Pages Suck
Your Custom WordPress Admin Pages SuckAnthony Montalbano
 
Struts Intro
Struts IntroStruts Intro
Struts Introguestd8c458
 
08052917365603
0805291736560308052917365603
08052917365603DSKUMAR G
 
Extending Oracle SSO
Extending Oracle SSOExtending Oracle SSO
Extending Oracle SSOkurtvm
 
Java Servlet Lifecycle
Java Servlet LifecycleJava Servlet Lifecycle
Java Servlet LifecycleAathikaJava
 
Session Management & Cookies In Php
Session Management & Cookies In PhpSession Management & Cookies In Php
Session Management & Cookies In PhpHarit Kothari
 
EWD 3 Training Course Part 11: Handling Errors in QEWD
EWD 3 Training Course Part 11: Handling Errors in QEWDEWD 3 Training Course Part 11: Handling Errors in QEWD
EWD 3 Training Course Part 11: Handling Errors in QEWDRob Tweed
 
Introduction to web design
Introduction to web designIntroduction to web design
Introduction to web designSynapseindiaComplaints
 
Web Design Course - Lecture 18 - Boostrap, Gatting started, grid system, tables
Web Design Course - Lecture 18 - Boostrap, Gatting started, grid system, tablesWeb Design Course - Lecture 18 - Boostrap, Gatting started, grid system, tables
Web Design Course - Lecture 18 - Boostrap, Gatting started, grid system, tablesAl-Mamun Sarkar
 
web technology practicals.pdf
web technology practicals.pdfweb technology practicals.pdf
web technology practicals.pdfNaveenK242465
 
web technology practicals.pdf
web technology practicals.pdfweb technology practicals.pdf
web technology practicals.pdfNaveenK242465
 
Advance Sql Server Store procedure Presentation
Advance Sql Server Store procedure PresentationAdvance Sql Server Store procedure Presentation
Advance Sql Server Store procedure PresentationAmin Uddin
 
Our application got popular and now it breaks
Our application got popular and now it breaksOur application got popular and now it breaks
Our application got popular and now it breaksColdFusionConference
 
Our application got popular and now it breaks
Our application got popular and now it breaksOur application got popular and now it breaks
Our application got popular and now it breaksdevObjective
 
Bootstrap
BootstrapBootstrap
BootstrapSarvesh Kushwaha
 
My journey to use a validation framework
My journey to use a validation frameworkMy journey to use a validation framework
My journey to use a validation frameworksaqibsarwar
 
Stored procedures by thanveer danish melayi
Stored procedures by thanveer danish melayiStored procedures by thanveer danish melayi
Stored procedures by thanveer danish melayiMuhammed Thanveer M
 
Implementation of GUI Framework part3
Implementation of GUI Framework part3Implementation of GUI Framework part3
Implementation of GUI Framework part3masahiroookubo
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 

More Related Content

Similar to Cutting accounts down to scythe

C# Advanced L09-HTML5+ASP
C# Advanced L09-HTML5+ASPC# Advanced L09-HTML5+ASP
C# Advanced L09-HTML5+ASPMohammad Shaker
 
Your Custom WordPress Admin Pages Suck
Your Custom WordPress Admin Pages SuckYour Custom WordPress Admin Pages Suck
Your Custom WordPress Admin Pages SuckAnthony Montalbano
 
08052917365603
0805291736560308052917365603
08052917365603DSKUMAR G
 
Extending Oracle SSO
Extending Oracle SSOExtending Oracle SSO
Extending Oracle SSOkurtvm
 
Java Servlet Lifecycle
Java Servlet LifecycleJava Servlet Lifecycle
Java Servlet LifecycleAathikaJava
 
Session Management & Cookies In Php
Session Management & Cookies In PhpSession Management & Cookies In Php
Session Management & Cookies In PhpHarit Kothari
 
EWD 3 Training Course Part 11: Handling Errors in QEWD
EWD 3 Training Course Part 11: Handling Errors in QEWDEWD 3 Training Course Part 11: Handling Errors in QEWD
EWD 3 Training Course Part 11: Handling Errors in QEWDRob Tweed
 
Web Design Course - Lecture 18 - Boostrap, Gatting started, grid system, tables
Web Design Course - Lecture 18 - Boostrap, Gatting started, grid system, tablesWeb Design Course - Lecture 18 - Boostrap, Gatting started, grid system, tables
Web Design Course - Lecture 18 - Boostrap, Gatting started, grid system, tablesAl-Mamun Sarkar
 
web technology practicals.pdf
web technology practicals.pdfweb technology practicals.pdf
web technology practicals.pdfNaveenK242465
 
web technology practicals.pdf
web technology practicals.pdfweb technology practicals.pdf
web technology practicals.pdfNaveenK242465
 
Advance Sql Server Store procedure Presentation
Advance Sql Server Store procedure PresentationAdvance Sql Server Store procedure Presentation
Advance Sql Server Store procedure PresentationAmin Uddin
 
Our application got popular and now it breaks
Our application got popular and now it breaksOur application got popular and now it breaks
Our application got popular and now it breaksColdFusionConference
 
Our application got popular and now it breaks
Our application got popular and now it breaksOur application got popular and now it breaks
Our application got popular and now it breaksdevObjective
 
My journey to use a validation framework
My journey to use a validation frameworkMy journey to use a validation framework
My journey to use a validation frameworksaqibsarwar
 
Stored procedures by thanveer danish melayi
Stored procedures by thanveer danish melayiStored procedures by thanveer danish melayi
Stored procedures by thanveer danish melayiMuhammed Thanveer M
 
Implementation of GUI Framework part3
Implementation of GUI Framework part3Implementation of GUI Framework part3
Implementation of GUI Framework part3masahiroookubo
 

Similar to Cutting accounts down to scythe (20)

C# Advanced L09-HTML5+ASP
C# Advanced L09-HTML5+ASPC# Advanced L09-HTML5+ASP
C# Advanced L09-HTML5+ASP
 
Sessions n cookies
Sessions n cookiesSessions n cookies
Sessions n cookies
 
Your Custom WordPress Admin Pages Suck
Your Custom WordPress Admin Pages SuckYour Custom WordPress Admin Pages Suck
Your Custom WordPress Admin Pages Suck
 
Struts Intro
Struts IntroStruts Intro
Struts Intro
 
08052917365603
0805291736560308052917365603
08052917365603
 
Extending Oracle SSO
Extending Oracle SSOExtending Oracle SSO
Extending Oracle SSO
 
Java Servlet Lifecycle
Java Servlet LifecycleJava Servlet Lifecycle
Java Servlet Lifecycle
 
Session Management & Cookies In Php
Session Management & Cookies In PhpSession Management & Cookies In Php
Session Management & Cookies In Php
 
EWD 3 Training Course Part 11: Handling Errors in QEWD
EWD 3 Training Course Part 11: Handling Errors in QEWDEWD 3 Training Course Part 11: Handling Errors in QEWD
EWD 3 Training Course Part 11: Handling Errors in QEWD
 
Introduction to web design
Introduction to web designIntroduction to web design
Introduction to web design
 
Web Design Course - Lecture 18 - Boostrap, Gatting started, grid system, tables
Web Design Course - Lecture 18 - Boostrap, Gatting started, grid system, tablesWeb Design Course - Lecture 18 - Boostrap, Gatting started, grid system, tables
Web Design Course - Lecture 18 - Boostrap, Gatting started, grid system, tables
 
web technology practicals.pdf
web technology practicals.pdfweb technology practicals.pdf
web technology practicals.pdf
 
web technology practicals.pdf
web technology practicals.pdfweb technology practicals.pdf
web technology practicals.pdf
 
Advance Sql Server Store procedure Presentation
Advance Sql Server Store procedure PresentationAdvance Sql Server Store procedure Presentation
Advance Sql Server Store procedure Presentation
 
Our application got popular and now it breaks
Our application got popular and now it breaksOur application got popular and now it breaks
Our application got popular and now it breaks
 
Our application got popular and now it breaks
Our application got popular and now it breaksOur application got popular and now it breaks
Our application got popular and now it breaks
 
Bootstrap
BootstrapBootstrap
Bootstrap
 
My journey to use a validation framework
My journey to use a validation frameworkMy journey to use a validation framework
My journey to use a validation framework
 
Stored procedures by thanveer danish melayi
Stored procedures by thanveer danish melayiStored procedures by thanveer danish melayi
Stored procedures by thanveer danish melayi
 
Implementation of GUI Framework part3
Implementation of GUI Framework part3Implementation of GUI Framework part3
Implementation of GUI Framework part3
 

Recently uploaded

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024SynarionITSolutions
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 

Recently uploaded (20)

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 

Cutting accounts down to scythe

  • 1. Cutting accounts down to SCYTHE! Chris John Riley
  • 2.
  • 3. “THE WISEST MAN, IS HE WHO KNOWS, THAT HE KNOWS NOTHING” SOCRATES: APOLOGY, 21D
  • 5. 1) What 2) Why 3) How 4) Q’s
  • 7. FRAMEWORK FOR USER ENUMERATION
  • 8.
  • 9. What Written in Python Threaded Modular Description files (XML) Easy to use Hopefully!
  • 10. WHY?
  • 12.
  • 13. Why Speed up account enumeration  POC Examples Offer advanced features  Cookie support  CSRF token collection  Wait / Retries  Threading
  • 14. HOW?
  • 15. IT ALL STARTS WITH A MODULE
  • 16. BASIC
  • 17. Basic module <module> <site> <name>basic module</name> <url> <![CDATA[https://example.com/signup_check/ username=<ACCOUNT>]]> </url> <method>GET</method> <successmatch>taken</successmatch> </site> </module>
  • 19. <!-- Wordpress.com - Logon user enumeration issue --> <module> <site> <name>Wordpress.com</name> <url><![CDATA[https://wordpress.com/wp-login.php]]></url> <method>POST</method> <postParameters> <![CDATA [log=<ACCOUNT>&pwd=<RANDOM>redirect_to=http://wordpress.com]]> </postParameters> <headers></headers> <requestCookie>False</requestCookie> <requestCSRF>False</requestCSRF> <successmatch>The password you entered for the email or user</successmatch> <negativematch>Invalid email or username</negativematch> <errormatch>You have exceeded the login limit</errormatch> <date>13/09/2012</date> <version>2</version> <author>CJR</author> <category>blogs</category> </site> </module>
  • 20. <!-- Wordpress.com - Logon user enumeration issue --> <module> <site> <name>Wordpress.com</name> <url><![CDATA[https://wordpress.com/wp-login.php]]></url> <method>POST</method> <postParameters> <![CDATA [log=<ACCOUNT>&pwd=<RANDOM>redirect_to=http://wordpress.com]]> </postParameters> <headers></headers> <requestCookie>False</requestCookie> <requestCSRF>False</requestCSRF> <successmatch>The password you entered for the email or user</successmatch> <negativematch>Invalid email or username</negativematch> <errormatch>You have exceeded the login limit</errormatch> <date>13/09/2012</date> <version>2</version> <author>CJR</author> <category>blogs</category> </site> </module>
  • 21. <!-- Wordpress.com - Logon user enumeration issue --> <module> <site> <name>Wordpress.com</name> <url><![CDATA[https://wordpress.com/wp- login.php]]></url> <method>POST</method> <postParameters> <![CDATA [log=<ACCOUNT>&pwd=<RANDOM>redirect_to= http://wordpress.com]]> </postParameters>
  • 22. <headers></headers> <requestCookie>False</requestCookie> <requestCSRF>False</requestCSRF> <successmatch>The password you entered for the email or user</successmatch> <negativematch>Invalid email or username</negativematch> <errormatch>You have exceeded the login limit</errormatch> <date>13/09/2012</date> <version>2</version> <author>CJR</author> <category>blogs</category> </site> </module>
  • 23. ADD A LIST OF USERNAMES / EMAILS
  • 24. # usernames/email 1 per line test testuser testuser2 testtest devuser … or just -–account=test,test2,…
  • 25. MIX AND LEAVE TO RUN FOR A FEW MINUTES
  • 26.
  • 27.
  • 28. How  XML contains replacement points  <ACCOUNT>  <RANDOM>  <CSRFTOKEN>  These are used to create testcases
  • 29. GOALS
  • 30. Goals  Flexible Running  Single module (targeted)  --single wordpress.com  Category of modules  --category=blogs  Single account  --account=test  Filename containing accounts  --accountfile=accounts.txt
  • 31. Goals  Flexible Handling  Error detection  Retry on error (<errorcode>)  -- retries and --retrytime  Handles cookies and CSRF tokens  <CSRF_URL>  <CSRF_regex> to extract token  Insert into request using <CSRFTOKEN>
  • 32. Goals  Flexible Output  Verbose output  Detailed request info  Output success to file  Summary at completion  Debug mode  Stores body and headers for each request
  • 33.
  • 34.
  • 37. GO FORTH AND ENUMERATE ALL THE THINGS!
  • 38. Thanks for coming http://c22.cc contact@c22.cc