Access Brute Force - Android v7+ application to perform a dictionary bruteforce attack.


Access Brute Force: Android v7+ application to perform a dictionary brute force attack against a host exposing:
+ SMB Windows shares.
+ FTP server.
+ SSH access.
The application is developed using Android Studio, so you can import the project into it in order to compile an APK bundle.

Motivation
This tool was developed in order to provide help in this case:

During a reconnaissance phase of an authorized penetration test at network level, when an open Wi-Fi network has been identified on which connected hosts expose SMB Windows shares (see port 445 open) / an FTP server / SSH access, the goal is to perform a quick evaluation, from a smartphone (easier to launch and hide than a laptop), of the attack surface represented by these points.

The application allows you to download and keep password dictionaries from a predefined list of dictionaries or from the device itself (for tailored password dictionaries).
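
Seen from the defender's side, a dictionary attack of this kind against SSH shows up as a burst of failed passwords from one source address. The following is an added example, not part of the tool or of the original page: it scans constructed OpenSSH-style log lines with a sliding window and also records a login that succeeds after the alert. The threshold, the window and the ISO timestamp prefix are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in OpenSSH's auth-log message format (ISO timestamps assumed).
# 192.0.2.15 guesses quickly and then logs in; 198.51.100.7 is a user who mistyped once.
SAMPLE_LOG = "\n".join(
    [f"2024-03-10T14:02:{s:02d} gw sshd[811]: Failed password for root "
     f"from 192.0.2.15 port 50514 ssh2" for s in range(0, 10, 2)]
    + ["2024-03-10T14:02:10 gw sshd[811]: Failed password for invalid user admin "
       "from 192.0.2.15 port 50514 ssh2",
       "2024-03-10T14:02:12 gw sshd[811]: Accepted password for root "
       "from 192.0.2.15 port 50514 ssh2",
       "2024-03-10T14:05:00 gw sshd[902]: Failed password for alice "
       "from 198.51.100.7 port 41022 ssh2",
       "2024-03-10T14:05:09 gw sshd[902]: Accepted password for alice "
       "from 198.51.100.7 port 41022 ssh2"]
)

LINE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def detect_dictionary_attack(log_text, threshold=5, window=timedelta(seconds=60)):
    """Flag source IPs with >= threshold failed passwords inside a sliding window,
    and record any login that succeeds from an IP after it was flagged."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    users = defaultdict(set)      # ip -> account names it tried
    alerts = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, ip, user = datetime.fromisoformat(m["ts"]), m["ip"], m["user"]
        if m["result"] == "Failed":
            q = recent[ip]
            q.append(ts)
            users[ip].add(user)
            while ts - q[0] > window:      # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and ip not in alerts:
                alerts[ip] = {"first_alert": ts, "users": users[ip], "compromised": []}
        elif ip in alerts:                 # success after an alert: treat as compromise
            alerts[ip]["compromised"].append(user)
    return alerts

if __name__ == "__main__":
    for ip, info in detect_dictionary_attack(SAMPLE_LOG).items():
        print(ip, sorted(info["users"]), "compromised:", info["compromised"])
```

The same windowed count applies to FTP and SMB logon failures once their log lines are parsed into (timestamp, source, account, result) records.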


Follow these steps:
1. Create a JKS keystore with a RSA keypair.
2. Create a file named keystore.properties at the root folder level (same location as the file gradlew) with the following content:

Example:

3. Use the following command line: gradlew clean cleanBuildCache assembleRelease
4. The APK is available in the folder [ROOT_FOLDER]/app/build/outputs/apk

The application should be combined with the following applications to enhance efficiency:
– FING: For WIFI network discovery and target identification,
– FILE MANAGER: To access Windows SMB shares, FTP, SSH (via SFTP) content after the credentials identification.
– JUICE SSH: To access via SSH shell if SFTP is not enabled.

Use and Download:

Source: https://github.com/righettod