EliteSys Entry 2.05 Manual

Visit EliteSys, home of Entry Pro

This program is designed and intended specifically for legal security testing purposes.
Do not use this program to gain illegal access to any computer or information.
Do not use this program to stage an illegal attack on any computer or online system.

  1. Quick Start
  2. Program Requirements
  3. About Entry
  4. Creating a good wordlist
  5. Setting attack options
  6. Preparing an online attack
  7. Using a HTTP proxy server
  8. Starting an online attack
  9. Troubleshooting

Quick Start

This section is intended to help "newbies" use Entry LE as quickly and easily as possible.

  1. Download Entry LE from the EliteSys website.
  2. Create a directory (folder) on your computer called c:\Program Files\EntryLE.
  3. Use WinZip, or any other ZIP utility, to decompress the Entry archive into the directory (folder) you just created.
  4. Using your Internet browser, find the link on your website titled Members Section (or its equivalent). Right-click this link and choose Copy Shortcut (or Copy Link Location).
  5. Run (double-click) Entry. Choose File...New from the drop-down menu.
  6. Click on the URL box and Press Ctrl-V to paste the URL into Entry.
  7. Click OK. Entry should now say Ready to go online....
  8. Press Ctrl-8 to go online. If you are connected to the Internet, Entry will start attempting to access the secure URL, using the usernames and passwords in the default wordlist file.

For more detail, please read the rest of this manual.


Text in GREEN applies to Entry Pro users only.

Program Requirements

About EliteSys Entry

As the size and use of the Internet grows, so grows the need for reliable Internet security measures. Although many new technologies have been developed to ensure transport-level security, there has been little effort to ensure security at the user level.

Because the majority of Internet sites have very poor password assignment policies, they can easily be compromised by a brute-force attack. Administrators, or any other privileged users, should use this program to determine if their account/system is truly robust and secure.

Creating a good wordlist

For the majority of sites, a wordlist attack will be faster and more successful than a generator attack. The construction of a good wordlist, therefore, is very important.

An effective wordlist contains keywords which are relevant to the site and its users. For example, if you are making an attack against the Chicago Sentinel Online, you should add chicago, sentinel, online, press, news, extra, scoop, etc., to a basic list of names and other common passwords. An effective list contains AT LEAST fifty words, and may contain hundreds or even thousands.

For lists of names and other common words, visit the EliteSys Wordlist Library at http://web.idirect.com/~elitesys/lists.html.
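
The same reasoning gives administrators a check to apply when a password is chosen. The following is an added example, not part of Entry or the original manual: a Python function that rejects passwords built from site-related keywords, common words, or the username (the Copy Password from Username case described later in this manual). The keyword set reuses the Chicago Sentinel Online example; the common-word list, the minimum length of 10, and the function names are assumptions.

```python
import re

# Hypothetical site terms: the manual's own Chicago Sentinel Online example.
SITE_KEYWORDS = {"chicago", "sentinel", "online", "press", "news", "extra", "scoop"}
# Constructed stand-in for a list of names and other common passwords.
COMMON_WORDS = {"password", "letmein", "qwerty", "michael", "jennifer"}
MIN_LENGTH = 10  # assumed policy value, not from the manual


def _core(text):
    """Case-fold and drop digits/punctuation at either end ('Scoop99!' -> 'scoop')."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", text.casefold())


def screen_password(username, password, site_keywords=SITE_KEYWORDS,
                    common_words=COMMON_WORDS, min_length=MIN_LENGTH):
    """Return the reasons a proposed password is rejected (empty list = accepted)."""
    reasons = []
    core = _core(password)
    if len(password) < min_length:
        reasons.append("shorter than minimum length")
    if core and core == _core(username):
        reasons.append("derived from username")
    if core in site_keywords:
        reasons.append("site-related keyword")
    if core in common_words:
        reasons.append("common word or name")
    return reasons


if __name__ == "__main__":
    # Constructed test accounts and passwords.
    for user, pw in [("jdoe", "Scoop99!"), ("jennifer", "Jennifer2000"),
                     ("jdoe", "maple-trellis-409")]:
        print(user, pw, screen_password(user, pw) or "accepted")
```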

Setting attack options

Entry has a number of configurable settings, to allow customization of any attack.

Pause X seconds between login attempts
If this option is unchecked, Entry will make login attempts as quickly as possible (3 or more every second).

Automatically save progress after every X attempts
If this option is checked, Entry will perform a Lazy Save after every X attempts.

If you have not already chosen a name for the current session file, Autosave.eaf will be used.

Give up after X attempts
If this option is unchecked, Entry will make the maximum possible number of attempts before stopping the attack (approximately 2.1 billion).

Automatically skip words over/under X characters
If these options are checked, Entry will filter all wordlist-supplied words by length automatically while in online mode.

Maintain log of cracked sites
If this option is checked, all working username/password combinations will be recorded in a log file in the program directory, entrylog.html. This log file may be viewed by any web browser software.

Launch browser after finding a good username and password
If this option is checked, any cracked FTP site or HTTP document will automatically be loaded in your default web browser.

Don't stop after the first good username and password
If this option is unchecked, Entry will automatically go offline if a working username/password combination is found.

If this option is checked, Entry will write any working username/password combinations to the log file, and continue the attack until all possible attempts have been made.

Agent Name
Most web browsers use an "agent" name to identify themselves to HTTP servers. Entry will use the contents of this field as its agent name.

The default Agent name for Entry is EliteSys Entry/2.0 (Win32).

Preparing an online attack

To prepare an online attack, select File...New from Entry's drop-down menu and enter the necessary information:

Title
This title will appear on Entry's session status display. If you do not enter anything in this box, a default title will be displayed.

URL
Type the secure HTTP or FTP address, or POP3 server, in this box. Here are some examples of good Entry URLs:

All URLs must start with either http://, ftp://, or pop3://, according to the protocol you wish to use.

Username, Password Source
There are four choices for a username/password source:

Wordlist
Usernames and/or passwords will be extracted from a list (a.k.a. dictionary) supplied by the user. Enter the wordlist filename in this box.

Generator
Usernames and/or passwords will be generated internally. Entry will create every possible permutation of characters for the length(s) and character set(s) you choose.

Static
If you already know the username or password you want to test, you may type it directly in this box. It will not change during the session.

Copy Password from Username
If this option is chosen, passwords will be copied from the username source.

If you are testing the security of a POP3 email account, you must always use the Static Username option.

Request Method
Entry can request a HTTP document in one of two ways: GET or HEAD. A GET request will attempt to retrieve the entire protected document, while a HEAD request will only attempt to retrieve the document's header information (description).

Using the HEAD method may cause Entry to run slightly faster, as less bandwidth will be used. However, some web servers are configured to ignore authentication via HEAD; in those cases, GET should be chosen.

This setting is ignored for FTP sites and POP3 mailboxes.
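
Seen from the server side, the defaults described so far (3 or more login attempts every second, the default agent name, optional HEAD requests) leave a recognisable run of HTTP 401 responses in the access log. The following is an added example, not part of Entry or the original manual: a Python check that flags clients by their 401 rate. The Apache combined log format, the 10-second window, the threshold of 10, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

DEFAULT_AGENT = "EliteSys Entry/2.0 (Win32)"  # default Agent Name per this manual
WINDOW = timedelta(seconds=10)                 # assumed tuning value
THRESHOLD = 10                                 # assumed: 401s per window that raise an alert

LINE_RE = re.compile(                          # Apache "combined" format (assumed)
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) \S+ [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"')

def build_sample():
    """Constructed log lines: one client failing 3 times a second, one ordinary login."""
    fmt = ('{ip} - {user} [10/Oct/2000:13:55:{sec:02d} +0000] '
           '"{method} /members/ HTTP/1.0" {status} 0 "-" "{agent}"')
    lines = [fmt.format(ip="203.0.113.7", user="-", sec=sec, method="HEAD",
                        status=401, agent=DEFAULT_AGENT)
             for sec in range(30, 34) for _ in range(3)]
    lines.append(fmt.format(ip="198.51.100.20", user="-", sec=31, method="GET",
                            status=401, agent="Mozilla/4.0"))
    lines.append(fmt.format(ip="198.51.100.20", user="alice", sec=35, method="GET",
                            status=200, agent="Mozilla/4.0"))
    return lines

def detect(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {client_ip: evidence} for clients whose 401 rate reaches the threshold."""
    recent = defaultdict(deque)  # ip -> timestamps of 401s inside the sliding window
    stats = defaultdict(lambda: {"peak": 0, "default_agent": False, "methods": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "401":  # only failed HTTP authentication counts
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:          # drop failures older than the window
            q.popleft()
        s = stats[m["ip"]]
        s["peak"] = max(s["peak"], len(q))
        s["methods"].add(m["method"])
        # The agent field is user-editable, so it is supporting evidence only.
        s["default_agent"] |= m["agent"] == DEFAULT_AGENT
    return {ip: s for ip, s in stats.items() if s["peak"] >= threshold}

if __name__ == "__main__":
    for ip, evidence in detect(build_sample()).items():
        print(ip, evidence)
```

The alert is keyed on the failure rate; the agent string and request method are reported alongside it to help triage.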

Character Sets
If you choose to have usernames and/or passwords supplied by the generator, you must check at least one of these boxes. The generator will use all characters in the selected set(s) to generate possible usernames and/or passwords.

Lowercase:
'a' to 'z'
Uppercase:
'A' to 'Z'
Numbers:
'0' to '9'
Punctuation:
! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~

Wordlist format
If you choose to have usernames and/or passwords supplied by a wordlist, you must also input that wordlist's format. There are three different wordlist formats supported by Entry:

Normal
Each line of text will be interpreted as a separate word.

Username : Password
Each line of text will be interpreted as two words separated by a colon, if a colon is present.

Username TAB Password
Each line of text will be interpreted as two words separated by a tab, if a tab is present.

In order to use a wordlist in the tab or colon format, you must set the Password source to Copy Password from Username.

Distributed Attack
This option can split an attack into up to 99 segments, any of which may take place on a different machine. Running simultaneous attacks in this fashion can be substantially faster, and may provide a more accurate test of your system's robustness. You specify the number of attackers, the session file output directory, and the session file name.
For example, if you enter...

...these session files will be created... If files with those names already exist, they will be overwritten.

Both Entry Pro and Entry LE can use distributed attack status files. For security reasons, only Entry Pro users may initiate a distributed attack.

If you intend to create distributed attack status files for use on multiple computers, we recommend that you give relative file names for any wordlists you use, i.e. wordlist.txt instead of C:\Program Files\EntryLE\wordlist.txt. This will prevent a possible Wordlist not found error on those other computers.

Using a HTTP proxy server

A HTTP proxy acts as a go-between for your computer and the HTTP server. You ask it to retrieve a page from a website on your behalf; the proxy passes the page along to you (usually) without modification. We recommend you do not enable this option unless you absolutely need to, as it can slow down program operation.

Starting an online attack

If you entered the information in the New Attack box correctly, the attack status screen will be shown. To begin the attack, press the Online button or select Connection...Online from the drop-down menu.

During an attack, Entry will automatically enter offline mode if:

Title Bar
The title, URL, and attack mode (Single User or Distributed) for the current session are shown here.

Status
This message shows the current status of your attack session.

Tried
The number of unsuccessful login attempts made during this session is shown here.

Skipped
The number of login attempts skipped during this session is shown here.

Progress Bar
This bar shows the percentage of attack completion. When it becomes totally blue, all username/password combinations have been tried.

The progress bar is inactive during a Distributed Attack.

Username, Password
The next username/password combination to be tried is shown here.

Skip Word
Pressing this button will skip over the next username or password.

This button is disabled if the Static or Copy Password from Username options were chosen during the preparation of the attack, or if Entry is in Online mode.

Fast Forward to...
Pressing this button will skip over usernames or passwords until the target word is found.

This button is disabled if the Static or Copy Password from Username options were chosen during the preparation of the attack, or if Entry is in Online mode.

View Wordlist
Pressing this button will open the source wordlist for viewing, in its associated text editor or word processor (usually Windows Notepad).

This button is disabled if the Static, Generator or Copy Password from Username options were chosen during the preparation of the attack.

Online Button
Pressing this button will cause Entry to enter online (attack) mode. If this button is depressed, pressing it again will cause Entry to leave online mode.

This button is disabled if all username/password combinations have been tried, or there is a session initialization error.

Lazy Save Button
Pressing this button will cause Entry to save the status of the current session, without going offline. It will remain depressed until the current login attempt is completed and the save has been made.

If you have not already chosen a name for the current session file, autosave.eaf will be used.

This button is disabled while Entry is in offline mode. To save while in offline mode, select File...Save from Entry's drop-down menu.

Exit Button
Pressing this button at any time will terminate Entry immediately, without saving the status of the session in progress.

Troubleshooting

Entry says the document is not secure. What's wrong?
You must give Entry a secure HTTP URL. For the purposes of this program, an HTTP URL is not secure unless clicking it causes your Netscape browser to request a username and password in a pop-up box.

Form-based authentication schemes (such as Adult Check) are not considered secure under this definition.

Why does Entry stop the distributed attack without trying all combinations?
In a distributed attack, each session file represents only part of the total attack. To continue, open the next session file in the set.

Why doesn't the View Wordlist button work with my wordlist?
Your file associations are not set properly. You may either rename the wordlist(s) to end with .txt, or update your Windows file associations.

Why do I get a "Timestamp Warning" when I open a status file?
Entry uses wordlist timestamps to ensure that an attack can be properly reinstated. If the wordlist(s) used by an attack is modified (or transported across a network) after your progress has been saved, Entry must recalculate your position in the list(s).

What causes "Error 11004: Server could not be found?"

What are some common HTTP error codes, and what do they mean?
301, 302: Document has been moved to a different URL.
403: Access is forbidden and password authentication is not allowed.
404: Document does not exist. (Check your URL for errors.)
407: Proxy username and password are required.
500: Internal server error.
503: Server is busy, try again later.

Entry says my URL is invalid. What's wrong?
Entry uses the FTP, HTTP, and POP3 protocols; good URLs should start with ftp://, http://, or pop3://.

Entry says my wordlist(s) does not exist, and won't load my session file. Why?
This error can be caused by entering a relative pathname for a wordlist, and then moving the list to a different directory on your computer. You can solve the problem by moving the list and session file back to their previous locations.

Why does my log file look funny?
Why did the automatic log update fail?
The Entry log file is written in a special format, and is not meant to be edited by hand. If you have accidentally corrupted your log file, delete it. Entry will save a new, correctly formatted log in its place.

When I try to fast-forward using the generator, Entry appears frozen. Why?
The internal generator is able to create hundreds of billions of unique passwords. Skipping over even a small fraction of that amount (for example, 1 billion) may take a very long time.

If your password assignment policy allows for hundreds of billions of combinations, you may not need to test your system security in this manner, as the probability of finding a random working password is very small.

Why does Entry Pro say my registration key is invalid?
Your copy of Entry Pro was keyed specifically to the computer you listed on the order form. Doing any of the following may cause Entry Pro or your registration key to malfunction:
  • Adding or replacing hardware, such as motherboards or disk drives, inside your computer.
  • Attempting to modify Entry Pro.

For more information, contact EliteSys.
