*****************************************************************************
                                
                            UnSecure
                            ver 1.2 
                                
         Copyright (c) 1998 SniperX, All rights reserved
                                
           For news and updates visit www.SniperX.net
                                
*****************************************************************************
Contents:

1. Introduction

2. Using UnSecure
     a. Basic Information
     b. Interface
     c. Attack Methods

3. Technicalities and Theory

4. Contact Info
*****************************************************************************

     Check at www.sniperx.net for updates on docs and such.

     1.   Introduction
     
          Most people believe the Internet is secure and near impossible to break into. Since we know
     differently, we decided to provide means for everyone to experiment with the Internet's
     Security. Through UnSecure, the world will gain a better idea on whether or not they're safe.

          UnSecure is a Brute Forcing program to exploit flaws with the worlds current Internet
     Security. This program is able to try every possible password combination, and pinpoint the
     users password. UnSecure can currently break into most Windows 95/98, Windows NT,
     Mac, Unix and other OS servers with or without a firewall. Some people say the time to
     Brute Force a server can take years. This is not true considering the way
     hardware is being sped up.

        Unfortunately we also both know that the average users password is 6
     lowercase characters.


2. Using UnSecure -           Click connect to start!
                                                  
	2a.  Basic Information                       

                    UnSecure is primarily meant to be used over a network connection,
          yet is able to work with a modem connection as well. On a Pentium 233,
          UnSecure will go through a 37,000 word dictionary in under 5 minutes when
          attacking locally. UnSecure will run over a modem, but not nearly as fast
          as over a LAN.

          NOTE : More than one instance of UnSecure will run at a time, without
          slowing down the other instance(s) a great deal. Although there is not
          an existing feature to do so automatically, you may run this program
          more than once on the same host, at the same time, starting on different
          password combinations. UnSecure is not cpu intensive.

	2b.  Interface                          

	    Examples :                                   
          The computer name or IP : ftp.xxxxxxxxx.com or mail.xxxxxxxxx.com or x.x.x.x
          Port : 110 for most mail servers. 21 for most ftp servers.
          Username : The name of the user that you wish to pose as.
          Password : You can leave this the way it is.
          Reconnect: Some servers will disconnect you if you make x number of incorrect
               tries. The reconnect option tells UnSecure to automatically reconnect
               if the remote host does disconnect you.
          Autosave : This option, when enabled, auto saves your session (all current info.)
               as a file called autosave.uns.

          *NOTE* You CAN save a session while attacking.

	2c.  Attack Method                                     

                    UnSecure uses two methods to accomplish its task. A dictionary attack, and a brute
          force attack. A dictionary attack meaning you have a file containing all of the words
          and combinations you choose, seperated by spaces or crlf's (carrage return/
          linefeed's) to use as guesses.

                The brute force method will allow you to try all possible password
          combinations using the characters you specify (a-z, A-Z, 0-9, and special).
          You may also use a custom character set.

          Custom brute force characters : A character set you make up... ex : if you put
               ab3...    It will try all combinations with the characters a, b and 3.


3. Technicalities and Theory

          This idea is based on a well known attack, but has never been exploited like this. Never has
     there been a program that allowed anyone to practice this kind of attack.

          The program should have a fairly decent client computer, on which UnSecure is running.
     The bandwidth is the main slowdown. UnSecure has a far greater potential than what has been
     described here. For our examples, we used Pentium 233's. Imagine the speed difference if the
     client and host were Pentium II 400Mhz's on a 100Mbit connection.
                                             

                    4. Contact Info     

     From now on, please only contact the following addresses.

     guns@sniperx.net
     unsecure@sniperx.net
     www.sniperx.net

     Greets go to :

     The L0pht

     MilW0rm

     All the Kevins

     And, our favorite...

     Bill!

     This program is deticated to the U.S. goverment and all the others
     who just don't get it.
