Radmin Brute Force Password Attack
Started by Nova, Nov 29 2004 01:55 PM
27 replies to this topic
#16
Posted 21 March 2005 - 11:12 AM
I am searching for Nova's Radmin Dictionary Password Hacker, but I didn't find it with Google and the download URL is down!
Can anybody give me this program?
#17
Posted 22 March 2005 - 02:35 AM
Oh would be really nice if someone could upload that file again.
I supply the (free)space
ftp://gmgkrdnp:govsec@home.arcor.de http://home.arcor.de/gmgkrdnp/
//Edit: I tried ViXSCAN but a non-gui-bruter like SQLck would be quite handier
#18
Posted 23 March 2005 - 10:22 PM
I've always been skeptical about brute forcing Radmin, and without using this script method, I don't know how it's done. I researched Radmin stuff a while ago, and it's all key-based encryption when it's sent out, so it's a different hash being sent out. Unless you knew the key to that hash each time, and then encoded it, I don't know of a way to do it via pure programming without the hash algorithm.
VIXVVXIV, can you shed some light onto the subject?
#19
Posted 24 March 2005 - 01:38 PM
#!/usr/bin/perl
use IO::Socket;
##################################################
# Radmin with empty password scanner
#
# usage: ./scan.pl 213.59.*.*
# thanx to Forb
# Coded by Satir (satir@cyberlords.net) from CyberLords [cyberlords.net]
##################################################
$|++;
$pids=10; ## Count of threads
$port = 4899; ## Default port
$tout = 5; ## Default timeout
$log = 'scan.log'; ## Default logfile
$once=0;
$fatal=0;
if (@ARGV[0]=~/((.*)\.(.*)\.(.*)\.(.*))/) {
$netmask = $1;
$n1 = $2;
$n2 = $3;
$n3 = $4;
$n4 = $5;
}
quit("Incorrect port") if ($port=~/\D/);
quit("No hostmask given") unless $netmask;
check();
while(1) {
@ips=@ipz[$once..$once+$pids];
for ($i=0;$i<=$pids;$i++) {
unless($ips[$i]) {
killpidz();
exit print "Scan is complete\n";
}
if ($pid=fork()) {
push(@forked,$pid);
} else {
$res=check_radmin($ips[$i],$port);
logg($ips[$i],$res) if ($res ne 0);
exit;
}
}
$once+=$pids;
killpidz();
}
sub check {
for ($i=0;$i<=254;$i++) {
$ipi = $i;
if ($n2 ne '*') { $i = 254,$ipi = $n2 }
for ($j=0;$j<=254;$j++) {
$ipj = $j;
if ($n3 ne '*') { $j = 254,$ipj = $n3 }
for ($k=1;$k<=254;$k++) {
$ipk = $k;
if ($n4 ne '*') { $k = 254,$ipi = $n2 }
my($ipaddr) = "$n1\.$ipi\.$ipj\.$ipk";
chomp($ipaddr);
push(@ipz,$ipaddr);
}
}
}
}
sub quit {
my($reason)=@_;
print "$reason\n" if $reason;
exit;
}
sub logg {
my($ip,$ans)=@_;
open(LOGG,">>$log");
$str="NULL PASS!!!" if $ans eq 1;
$str="need pass." if $ans eq 2;
print LOGG "$ip:$port : $str\n";
close(LOGG);
}
sub killpidz {
foreach (@forked) {
chomp;
waitpid($_,0);
kill("TERM" => $_)
}
undef @forked;
}
sub check_radmin{
($host,$port)=@_;
$sock=IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port, Photo => "tcp");
if($sock)
{
$sock->send("\x01\x00\x00\x00\x01\x00\x00\x00\x08\x08");
$sock->recv($data,1024);
close($sock);
@marks=split(//,$data);
foreach(@marks){
$string.=unpack('H8', $_);
}
if($string=~/a080/g){
return 1;
}
else{
return 2;
}
}else { return 0;}
}
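Seen from the defending side, the range scan in the script above and the password-guessing tools requested in this thread both show up as connection patterns on TCP 4899. The following is an added example, not part of the original post or thread: it flags both patterns in a connection log. The log format, the thresholds and the addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

RADMIN_PORT = "4899"             # default Radmin port, the one the script above probes
WINDOW = timedelta(seconds=60)   # sliding window (assumed value)
SWEEP_HOSTS = 5                  # distinct destinations per window => range scan (assumed)
BRUTE_CONNS = 8                  # connections to one host per window => guessing (assumed)

def build_sample():
    """Constructed log, one line per connection: '<ISO time> <src> <dst> <dport>'."""
    t0 = datetime(2005, 3, 24, 13, 38, 0)
    at = lambda s: (t0 + timedelta(seconds=s)).isoformat()
    lines = [f"{at(i)} 198.51.100.7 192.0.2.{i} 4899" for i in range(1, 11)]    # range scan
    lines += [f"{at(5 * i)} 203.0.113.9 192.0.2.50 4899" for i in range(12)]    # guessing
    lines += [f"{at(400 * i)} 192.0.2.200 192.0.2.50 4899" for i in range(9)]   # routine admin
    lines.append(f"{at(2)} 198.51.100.7 192.0.2.1 80")                          # other port
    return sorted(lines)                      # fixed-width timestamps sort chronologically

def detect(lines):
    """Return {source: 'sweep' | 'brute-force'} for TCP/4899 traffic in time order."""
    recent = defaultdict(deque)               # src -> (time, dst) pairs inside the window
    alerts = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[3] != RADMIN_PORT:
            continue                          # malformed line or a different service
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue                          # unparseable timestamp
        src, dst = parts[1], parts[2]
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > WINDOW:          # expire entries older than the window
            q.popleft()
        per_dst = defaultdict(int)
        for _, d in q:
            per_dst[d] += 1
        if len(per_dst) >= SWEEP_HOSTS:
            alerts[src] = "sweep"             # one source, many Radmin hosts
        elif max(per_dst.values()) >= BRUTE_CONNS:
            alerts.setdefault(src, "brute-force")   # one source hammering one host
    return alerts

if __name__ == "__main__":
    for src, kind in detect(build_sample()).items():
        print(f"{src}: {kind} against TCP/{RADMIN_PORT}")
```

The routine-admin source in the sample connects nine times but never more than once per window, so it raises no alert.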
#20
Posted 27 March 2005 - 12:10 AM
@ VIX:
On your website the Radmin brute package is corrupted. I tried to unzip it but it shows me an error like "archive is damaged or it is an unknown format".
#21
Posted 27 March 2005 - 02:12 PM
The link to the program is down.
Can Nova or anyone else repost it?
Thanks in advance
al
#22
Posted 03 April 2005 - 10:56 PM
It worked great, but I have a few suggestions.
It should automatically close the previous windows.
And isn't there an option to use a proxy or something similar?
I tried on my local PC but all stuff was logged.
#24
Posted 29 May 2005 - 09:17 AM
Thanks,
but you can use hash tables.
Hash tables are a very fast and easy method.
Nima Salehi www.Ashiyane.ir
#25 Guest_jhdscript_*
Posted 30 May 2005 - 03:20 AM
Can you explain the method using hash?
#26
Posted 20 June 2005 - 12:14 PM
Pretty nice script, but:
Access forbidden!
You don't have permission to access the requested object. It is either read-protected or not readable by the server.
Seconding alzeimeur's request, do you think you could provide us with another link?
Thanks
#27
Posted 21 June 2005 - 12:42 PM
I also get access forbidden, probably because of the use of bandwidth. I would prefer a compiled version if possible so that I can test it out. I know it's still beta, but if someone can host it I am interested in trying it out. Thanks for all the hard work you have done to put into it. I myself have been trying to program a rootkit so that all you have to do is type site exec radmin.exe <port>, but it only seems to work with parameters. If any of you know how to incorporate the parameters in a string, so you have like radmin.exe and if you leave it blank it has a default port of something like 29932 or something random, and then if you put the port after, like radmin.exe <port>, it would be saved as that port. I have spent a lot of time trying to do this and haven't had too much success, so if you could let me know that would be awesome.
#28
Posted 19 July 2011 - 06:24 AM
Can somebody upload this again, because I really need it? I need to find out the password in a LAN.