Download presentation
Presentation is loading. Please wait.
1
Information Networking Security and Assurance Lab National Chung Cheng University Yaha
2
Information Networking Security and Assurance Lab National Chung Cheng University 2 Contents Overview Objective Requirements Challenge Procedure Summary
3
Information Networking Security and Assurance Lab National Chung Cheng University 3 Overview Authenticate because where treasuries are What is YAHA YaHa is an HTTP authentication attack tool which tries combinations of user IDs and passwords
4
Information Networking Security and Assurance Lab National Chung Cheng University 4 Objective Attempts HTTP authentication using predefined IDs and Passwords
5
Information Networking Security and Assurance Lab National Chung Cheng University 5 Requirements Software PERL http://www.cpan.org/ PERL LWP module (often included in PERL distributions) http://www.cpan.org/modules/by-module/LWP/
6
Information Networking Security and Assurance Lab National Chung Cheng University 6 Challenge Procedure Downloading YaHa http://www.cirt.net/code/yaha.shtml
7
Information Networking Security and Assurance Lab National Chung Cheng University 7 Challenge Procedure (cont.) Unpacking the YaHa Package
8
Information Networking Security and Assurance Lab National Chung Cheng University 8 Challenge Procedure (cont.) Change Mode and Edit yaha.pl
9
Information Networking Security and Assurance Lab National Chung Cheng University 9 Challenge Procedure (cont.) Adding IDs and Passwords Predefined by Yourself in idlist.txt and pwlist.txt
10
Information Networking Security and Assurance Lab National Chung Cheng University 10 Creating Testbed admin
11
Information Networking Security and Assurance Lab National Chung Cheng University 11 Configuring Apache Server Editing /etc/httpd/conf/httpd.conf
12
Information Networking Security and Assurance Lab National Chung Cheng University 12 Creating a.htaccess file
13
Information Networking Security and Assurance Lab National Chung Cheng University 13 Authentication
14
Information Networking Security and Assurance Lab National Chung Cheng University 14 Usage of YaHa
15
Information Networking Security and Assurance Lab National Chung Cheng University 15 Trying IDs and Passwords
16
Information Networking Security and Assurance Lab National Chung Cheng University 16 Result
17
Information Networking Security and Assurance Lab National Chung Cheng University 17 This is a good tool, but……
18
Information Networking Security and Assurance Lab National Chung Cheng University 18 Summary Yaha Perl script, an HTTP authentication attack tool http authentication Protecting Your Treasuries
Similar presentations
