Beefy Boxes and Bandwidth Generously Provided by pair Networks
more useful options
 
PerlMonks  

Re: Brute Force Attacks

by onelesd (Pilgrim)
on Nov 06, 2011 at 02:05 UTC ( #936215=note: print w/replies, xml ) Need Help??


in reply to Brute Force Attacks

Please edit your post or re-post altogether, as something went horribly wrong. Make sure to use the "preview" button.

Replies are listed 'Best First'.
Brute Force Attacks
by AbCraig (Initiate) on Nov 06, 2011 at 02:23 UTC

    I am relatively new to perl and would like some assistance. I have been at this for quite some time. What I am looking for is a way to extract certain information from a log file. I have attached a sample of the log file and the desired output as well as the code I have thus far

    ======================================= Request: 10.122.11.235 - - Tue Mar 9 22:27:46 2004 "GET http://sbc2.login.dcn.yahoo.com/config/login?.redir_from=PROFILES?&.tries=1&.src=jpg&.last=&promo=&.intl=us&.bypass=&.partner=&.chkP=Y&.done=http://jpager.yahoo.com/jpager/pager2.shtml&login=loginc&passwd=PASS HTTP/1.0" 200 566 Handler: proxy-server Error: mod_security: pausing http://sbc2.login.dcn.yahoo.com/config/login?.redir_from=PROFILES?&.tries=1&.src=jpg&.last=&promo=&.intl=us&.bypass=&.partner=&.chkP=Y&.done=http://jpager.yahoo.com/jpager/pager2.shtml&login=loginc&passwd=PASS for 50000 ms ---------------------------------------- GET http://sbc2.login.dcn.yahoo.com/config/login?.redir_from=PROFILES?&.tries=1&.src=jpg&.last=&promo=&.intl=us&.bypass=&.partner=&.chkP=Y&.done=http://jpager.yahoo.com/jpager/pager2.shtml&login=loginc&passwd=PASS HTTP/1.0 Accept: */* Accept-Language: en Connection: Keep-Alive mod_security-message: Access denied with code 200. Pattern match "passwd=" at THE_REQUEST. mod_security-action: 200 HTTP/1.0 200 OK Connection: close

    SAMPLE OUTPUT I AM LOOKING FOR:
    Attacker’s address 10.122.11.235
    Username:loginc,Password:exodus:PASS

    I have been extracting data from the log file for example, the Top 10 results of mod_security-message header. I am looking for something similar. Thanks

    open (LOGFILE2,"audit_log") || die " Error opening log file $logFile. +\n"; #printf "<pre>\n"; while (<LOGFILE2>) { if (/mod_security-message[:](.*)\./) { $MOD_SEC{$1}++ } close (LOGFILE); #--------------------------------------# # Output the number of hits per file # #--------------------------------------# print "TOP $NUM_RECS_TO_PRINT PATTERN MATCH:\n"; print "-----------------------------\n\n"; $count=1; foreach my $modsec (sort {$MOD_SEC{$b} <=> $MOD_SEC{$a}} (keys(%MOD +_SEC))) { last if ($count > $NUM_RECS_TO_PRINT); print "$count\t$modsec= $MOD_SEC{$modsec} \n"; $count++; } print "\n\n";
      Is this a log file format that you came up with? If so, and if it's a format you can modify, I suggest you change the format to better fit your needs. Logs are usually meant to be read (easily) by humans and yours is giving me a headache.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://936215]
help
Chatterbox?
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others chilling in the Monastery: (3)
As of 2018-04-25 01:42 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    Notices?