***************************************************************************** UnSecure ver 1.0 Copyright (c) 1998 SniperX, All rights reserved For news and updates visit www.SniperX.net ***************************************************************************** Contents: 1. Introduction 2. Using UnSecure 2a. Basic Information 2b. Interface 2c. Attack Methods 3. Technicalities and Theory 4. Contact Info ***************************************************************************** 1. Introduction Most people believe the Internet is secure and near impossible to break into. Since we know differently, we decided to provide means for everyone to experiment with the Internet's Security. Through UnSecure, the world will gain a better idea on whether or not they're safe. UnSecure is a Brute Forcing program to exploit flaws with the worlds current Internet Security. This program is able to try every possible password combination, and pinpoint the users password. UnSecure can currently break into most Windows 95/98, Windows NT, Mac, Unix and other OS servers with or without a firewall. Some people say the time to Brute Force a server can take years. This is true if your password is: Password: 2@#{v3LpQ+?"$! Now that's a fourteen character password containing uppercase, lowercase, numerical, and special characters. Unfortunately we both know that the average users password is 6 lowercase alphanumeric characters. This enables UnSecure to pinpoint a password quickly. 2. Using UnSecure - Click connect to start! 2a. Basic Information UnSecure is primarily meant to be used over a network connection, yet is able to work with a modem connection as well. On a Pentium 233, UnSecure will go through a 25,000 word dictionary in under 5 minutes when attacking locally. UnSecure will run over a modem, but not nearly as fast as over a LAN. NOTE : More than one instance of UnSecure will run at a time, without slowing down the other instance(s) a great deal... Attack multiple things at one time! 2b. Interface Examples : The computer name or IP : ftp.xxxxxxxxx.com or mail.xxxxxxxxx.com or x.x.x.x Port : 110 for most mail servers. 21 for most ftp servers. Username : The name of the user that you wish to pose as. Password : You can leave this the way it is. Custom brute force characters : A character set you make up... ex : if you put ab3... It will try all combinations with the characters a, b and 3. 2c. Attack Method UnSecure uses two methods to accomplish its task. A dictionary attack, and a brute force attack. A dictionary attack meaning you have a file containing all of the words and combinations you choose to use as guesses. 3. Technicalities and Theory This idea is based on a well known attack, but has never been exploited like this. Never has there been a program that allowed anyone to practice this kind of attack. The program should have a fairly decent client computer, on which UnSecure is running. The bandwidth is not really a problem. The main slowdown comes from a slow server (host) computer. UnSecure has a far greater potential than what has been described here. For our examples, we used Pentium 233's. Imagine the speed difference if the client and host were Pentium II 450Mhz's. 4. Contact Info utah@sniperx.net guns@sniperx.net unsecure@sniperx.net - Improvements... Bugs... www.sniperx.net