Tartarus Password Cracker

[ataxicwolf]

Hey everybody,

I thought I'd share a new python script I wrote. Tartarus cracks HTTP authentication with a dictionary word list. For now it runs only on linux, but I'm sure it wouldn't be too difficult to make a windows version. Feel free to tell me things I could do better, or improve on the code yourself. Anyways, here are the links:

Tartarus v1.0:
http://www.photels.org/tartarus/source.py

Video of Tartarus v1.0: (in ogg format)
http://www.photels.org/tartarus/video.ogg

Small word list:
http://www.photels.org/tartarus/words.txt

[trevelyn]

wow cool!

EDIT:
wholey fuck! this works better than Hydra has EVER worked for me!!  You know, there's still a lot of servers that you can brute force, without it banning your IP or pausing.  And this will definitely work on ANY router I have seen.  I used it against my WRT54G and an Airport Base station, and it pwn3d them. great script man!

[ataxicwolf]

Thanks Trevelyn 

and yeah I've been thinking about implementing brute force, and maybe some other protocols too.

[trevelyn]

worked against cpanel on 2dialphreak!  and 2 more routers! how would you make one not for http? like for udp maybe? e.g. ssh.

oh and i made a MASSIVE words.txt file from this website case anyone wants to use this tool:
http://www.theargon.com/achilles/wordlists/

[Tachyon]

wow cool!

EDIT:
wholey fuck! this works better than Hydra has EVER worked for me!!  You know, there's still a lot of servers that you can brute force, without it banning your IP or pausing.  And this will definitely work on ANY router I have seen.  I used it against my WRT54G and an Airport Base station, and it pwn3d them. great script man!

Hey Trev I'm new to Linux and haxorin and shizz (Read about 3/4 of the Slackbook though), but can't you download the relevant file you need to crack and do it locally so as to not arouse suspicion?

[trevelyn]

not with routers, some routers (Cisco) we were able to actually pull the config file out of it and rewrite it, then inject it back into the damn thing using quick make-shift tftp servers.  Which was fucking awesome, but, if you were to bruteforce WPA or WPA2 then yeah, the file is a .cap file which get's generated by a sniffing program.  If you sniff for WPA or WPA2 you have to deauth a client (send fake "fuck off" packets that the client would think came from the router.  Then when the client re-authenticates (usually with windows is instantaneous) you get what's called a handshake which you can bruteforce all you want without the router knowing.  but also, my logs in my router don't show a single failed attempt to get in.  ??  i tried like 300 passwds on it too.  nor does the shitty base station which is odd.  If this worked for ssh and telnet, and Server Message Block (windows share) that would be so cool..  I can't believe cpanel is that lame..   

[ataxicwolf]

yeah I've been using it on my server which has cpanel, its amazing how easy it is. I want to try and implement a fast way of cracking FTP, because I had it working before but it was un-usably slow, even on a small word list. I'll look around and see if there's a way to speed it up. Also, Trev your base-station uses HTTP to authenticate? Maybe I'm an idiot but I've only been able to connect with firefox then use HTML forms. Is this a difference in the base-stations or should I be connecting someway else?

[trevelyn]

http://www.mac512.com/Macsupportfiles/bases7.gif

like that? mine is at my brothers house, he actually tried it.  We should have a bot net run this script against thousands of IPs at port 80! My own mediocre attempt at humor has been highly amusing to myself.

[ataxicwolf]

Here's a screen-shot of the login page.

[ataxicwolf]

Hey so I've looked into how well Tartarus could handle brute forcing, and it doesn't look too good. I'm getting about 8 attempts a second on Tartarus right now, which means that it would take somewhere around 3 days to crack a 6-digit long password of just numbers of HTTP Authentication. Anything more than that isn't exactly practical. But I think I'll put in a user-list function so that you can try even if you're not sure of the username, and I'm still looking at FTP right now.