Access Brute Forcer
Android v7+ application to perform a dictionary brute force attack against a host exposing:
- SMB Windows shares.
- FTP server.
- SSH access.
The application is developed using Android Studio, so you can import the project into it in order to compile an APK bundle.
This tool was developed in order to provide help in this case:
During the reconnaissance phase of an authorized network-level penetration test, when an open WIFI network has been identified on which connected hosts expose SMB Windows shares (see port 445 opened) / FTP server / SSH access, the goal is to perform a quick evaluation, from a smartphone (easier to launch and hide than a laptop), of the attack surface represented by these points.
The application allows you to download and keep password dictionaries from a predefined list of dictionaries or from the device itself (for tailored password dictionaries).
The HockeyApp system is used to publish releases and track application crashes.
APK release file analysis report:
Working version enhancement
- Nothing in the pipe for the moment...
Build command line
Use the following command line
gradlew clean cleanBuildCache assembleDebug
Follow these steps:
- Create a JKS keystore with an RSA key pair.
- Create a file named keystore.properties at the root folder level (same location as the file gradlew) with the following content:
storePassword=[StorePassword]
keyPassword=[KeyPassword]
keyAlias=[KeyAlias]
storeFile=[Store file full location or relative location from app sub folder]

# Configuration of the keystore used to sign the released APK
storePassword=fB5YDpcvTvQH7Sg399xG49YFK
keyPassword=gHTaEq93Xe93c3rWJu8v33WVB
keyAlias=keys
storeFile=../release-keystore.jks
- Use the following command line
gradlew clean cleanBuildCache assembleRelease
- APK is available in folder
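A pre-build check for the keystore.properties file described in the steps above, as an added example that is not part of the project: it confirms the four keys are filled in, that storeFile resolves, and that the file holding the signing passwords is not readable by other users. The function name check_keystore_props and the assumption that the app sub folder is named app are illustrative.

```shell
#!/bin/sh
# Added example (not project code): validate keystore.properties before a
# release build. Assumes a POSIX shell and an app sub folder named "app".
# Usage: check_keystore_props . && ./gradlew clean cleanBuildCache assembleRelease
check_keystore_props() {
    root=$1
    props="$root/keystore.properties"
    [ -f "$props" ] || { echo "missing: $props" >&2; return 1; }

    # Each of the four keys must be present with a non-empty value that is
    # not a leftover "[StorePassword]"-style template placeholder.
    for key in storePassword keyPassword keyAlias storeFile; do
        value=$(sed -n "s/^$key=//p" "$props" | head -n 1)
        case $value in
            "")    echo "$key is missing or empty" >&2; return 2 ;;
            \[*\]) echo "$key still holds a template placeholder" >&2; return 3 ;;
        esac
    done

    # storeFile is either a full location or relative to the app sub folder.
    store=$(sed -n 's/^storeFile=//p' "$props" | head -n 1)
    case $store in
        /*) ;;
        *)  store="$root/app/$store" ;;
    esac
    [ -f "$store" ] || { echo "keystore not found: $store" >&2; return 4; }

    # The file holds the signing passwords in clear text: require that
    # group and other have no permissions on it (e.g. chmod 600).
    mode=$(ls -ld "$props" | cut -c5-10)
    [ "$mode" = "------" ] || { echo "permissions too open on $props" >&2; return 5; }
    return 0
}
```

Because the passwords are stored in clear text, keystore.properties and the JKS file are best kept out of version control.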
The application should be combined with the following applications to enhance efficiency:
- FING: For WIFI network discovery and target identification,
- FILE MANAGER: To access Windows SMB shares, FTP, SSH (via SFTP) content after the credentials identification.
- JUICE SSH: To access via SSH shell if SFTP is not enabled.
- Use Fing to identify a target host (copy the host IP or name to the clipboard via the Fing copy/paste feature).
- Use the app to identify the credentials (paste the host IP or name from the clipboard into the Target field). The port is optional; if not specified, the default one is used.
- Use File Manager or Juice SSH to access the contents.