Security Basics mailing list archives
Re: broute forcing telnet and ssh
From: Gregory Boyce <gboyce () badbelly com>
Date: Mon, 26 Sep 2005 11:42:37 -0400 (EDT)
On Sun, 25 Sep 2005, Juan B wrote:
Hi Great List ! I need to boute force my server in the company to check if it can resist broute forcing ( and check passwords strange ) the server is open to the to the internal network in telnet and ssh. can some one tell me about good tools to check this issue?
What are you trying to discover by doing this?I see two possible reasons to brute force SSH or telnet on a server you own.
1) To test passsword strength - If you're an admin on the server, then this method seems kind of round about. You already have access to the encrypted password file, so you're better off just using a tool like john the ripper to test the strength of the passwords. It will be faster than going through SSH or telnet would be.
2) To look for a trojaned sshd - If someone installed a trojan sshd with a backdoor username and password, then you might be able to find it by applying usernames and passwords known to have been used in existing trojans. I would think there would be better ways to do this as well though.
Current thread:
- broute forcing telnet and ssh Juan B (Sep 26)
- RE: broute forcing telnet and ssh Meni Milstein (Sep 26)
- Re: broute forcing telnet and ssh Gregory Boyce (Sep 26)
- Re: broute forcing telnet and ssh Jeffrey F. Bloss (Sep 26)
- <Possible follow-ups>
- Re: Re: broute forcing telnet and ssh planbb (Sep 27)
- RE: Re: broute forcing telnet and ssh Miguel Dilaj (Sep 28)
- RE: Re: broute forcing telnet and ssh Steve Fletcher (Sep 28)