Access Brute Force: Android v7+ application to perform a dictionary brute force attack against a host exposing:
+ SMB Windows shares.
+ FTP server.
+ SSH access.
The application is developed using Android Studio, so you can import the project into it in order to compile an APK bundle.
Motivation
This tool was developed to help in the following case:
During the reconnaissance phase of an authorized network-level penetration test, when an open WIFI network is identified in which connected hosts expose SMB Windows shares (see port 445 open) / an FTP server / SSH access, the goal is to perform a quick evaluation, from a smartphone (easier to launch and hide than a laptop), of the attack surface represented by these points.
The application allows downloading and keeping password dictionaries from a predefined list of dictionaries or from the device itself (for tailored password dictionaries).
Follow these steps to build a signed release APK:
1. Create a JKS keystore with an RSA keypair.
2. Create a file named keystore.properties at the root folder level (same location as the file gradlew) with the following content:
   storePassword=[StorePassword]
   keyPassword=[KeyPassword]
   keyAlias=[KeyAlias]
   storeFile=[Store file full location or relative location from app sub folder]
Example:
   # Configuration of the keystore used to sign the released APK
   storePassword=fB5YDpcvTvQH7Sg399xG49YFK
   keyPassword=gHTaEq93Xe93c3rWJu8v33WVB
   keyAlias=keys
   storeFile=../release-keystore.jks
3. Use the following command line:
   gradlew clean cleanBuildCache assembleRelease
4. The APK is available in the folder [ROOT_FOLDER]/app/build/outputs/apk
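A pre-build check for the keystore.properties file from step 2, given here as an added example that is not part of the project. The function name check_keystore_props, the chmod 600 policy and the git-tracking check are assumptions of this example; the four keys and the rule that storeFile is resolved from the app sub folder come from the steps above.

```shell
#!/bin/sh
# Added example (not from the project): pre-build check of keystore.properties.
# Returns 0 when the file is usable, 1 after printing each problem to stderr.
check_keystore_props() {
    props=$1
    dir=$(dirname "$props")
    rc=0
    store=""
    [ -f "$props" ] || { echo "missing file: $props" >&2; return 1; }

    for key in storePassword keyPassword keyAlias storeFile; do
        # Value is everything after "key=" on the first matching line.
        val=$(sed -n "s/^${key}=//p" "$props" | head -n 1)
        case $val in
            "")    echo "$key: missing or empty" >&2; rc=1 ;;
            \[*\]) echo "$key: template placeholder not replaced" >&2; rc=1 ;;
            *)     if [ "$key" = storeFile ]; then store=$val; fi ;;
        esac
    done

    # storeFile is absolute, or relative to the app sub folder.
    if [ -n "$store" ]; then
        case $store in
            /*) jks=$store ;;
            *)  jks=$dir/app/$store ;;
        esac
        [ -f "$jks" ] || { echo "storeFile: keystore not found at $jks" >&2; rc=1; }
    fi

    # The file holds clear-text passwords: no group/other permission bits.
    perms=$(ls -l "$props" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "permissions too open, run: chmod 600 $props" >&2; rc=1; }

    # It must not be tracked by git (checked only when git is installed).
    if command -v git >/dev/null 2>&1 &&
       git -C "$dir" ls-files --error-unmatch "$(basename "$props")" >/dev/null 2>&1; then
        echo "keystore.properties is tracked by git; remove and ignore it" >&2; rc=1
    fi
    return $rc
}
# Usage: check_keystore_props ./keystore.properties && ./gradlew assembleRelease
```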
The application should be combined with the following applications to enhance efficiency:
– FING: For WIFI network discovery and target identification,
– FILE MANAGER: To access Windows SMB shares, FTP, SSH (via SFTP) content after the credentials are identified.
– JUICE SSH: To access via SSH shell if SFTP is not enabled.
Use and Download:
git clone https://github.com/righettod/access-brute-forcer && cd access-brute-forcer
gradlew clean cleanBuildCache assembleDebug
Or download the APK binary here: https://rink.hockeyapp.net/apps/64dd8a3981644cfd9923617dc0d05989
Source: https://github.com/righettod