ObiWaN is the brainchild of Phenoelit, a german hacker group headed by elite hacker FX which is written to carry out brute force security testing on Webservers. The goal of ObiWaN is a brute force authentication attack against Webserver with authentication requests - and in fact to break in insecure accounts. As the official documentation says -
ObiWan is written to check Webserver. The idea behind this is: Webserver with simple challenge-response authentication mechanism mostly have no switches to set up intruder lockout or delay timings for wrong passwords. In fact this is the point to start from. Every user with a HTTP connection to a host with basic authentication can try username-password combinations as long as he/she like it.
Like other programs for UNIX system passwords (crack) or NT passwords (l0phtcrack) ObiWaN uses wordlists and alternations of numeric or alpha-numeric characters as possible passwords. Since Webservers allow unlimited requests it is a question of time and bandwith to break in a server system.
ObiWaN manipulates a weakness in HTTP protocol, which as explained by Phenoelit itself is that nearly all servers allow unlimited username/password tries for a user & it literally becomes a question of time and bandwith to break in a server. After you break-in,you are the alpha & the omega of server..
like this post ? you can buy me a beer :)
Posted by XERO. ALL RIGHTS RESERVED.