Information Networking Security and Assurance Lab National Chung Cheng University Yaha
Information Networking Security and Assurance Lab National Chung Cheng University 2 Contents Overview Objective Requirements Challenge Procedure Summary
Information Networking Security and Assurance Lab National Chung Cheng University 3 Overview Authenticate because where treasuries are What is YAHA YaHa is an HTTP authentication attack tool which tries combinations of user IDs and passwords
Information Networking Security and Assurance Lab National Chung Cheng University 4 Objective Attempts HTTP authentication using predefined IDs and Passwords
Information Networking Security and Assurance Lab National Chung Cheng University 5 Requirements Software PERL PERL LWP module (often included in PERL distributions)
Information Networking Security and Assurance Lab National Chung Cheng University 6 Challenge Procedure Downloading YaHa
Information Networking Security and Assurance Lab National Chung Cheng University 7 Challenge Procedure (cont.) Unpacking the YaHa Package
Information Networking Security and Assurance Lab National Chung Cheng University 8 Challenge Procedure (cont.) Change Mode and Edit yaha.pl
Information Networking Security and Assurance Lab National Chung Cheng University 9 Challenge Procedure (cont.) Adding IDs and Passwords Predefined by Yourself in idlist.txt and pwlist.txt
Information Networking Security and Assurance Lab National Chung Cheng University 10 Creating Testbed admin
Information Networking Security and Assurance Lab National Chung Cheng University 11 Configuring Apache Server Editing /etc/httpd/conf/httpd.conf
Information Networking Security and Assurance Lab National Chung Cheng University 12 Creating a.htaccess file
Information Networking Security and Assurance Lab National Chung Cheng University 13 Authentication
Information Networking Security and Assurance Lab National Chung Cheng University 14 Usage of YaHa
Information Networking Security and Assurance Lab National Chung Cheng University 15 Trying IDs and Passwords
Information Networking Security and Assurance Lab National Chung Cheng University 16 Result
Information Networking Security and Assurance Lab National Chung Cheng University 17 This is a good tool, but……
Information Networking Security and Assurance Lab National Chung Cheng University 18 Summary Yaha Perl script, an HTTP authentication attack tool http authentication Protecting Your Treasuries