Penetration Testing mailing list archives

Re: Word lists, again...


From: Ryan Russell <ryan () securityfocus com>
Date: Wed, 23 May 2001 19:13:44 -0600 (MDT)

On Wed, 23 May 2001, Alberto Grazi wrote:

> Since I didn't have any name of files (listing is not allowed) my
> approach was to try a sort of "dictionary attack" on the URL.
> I tried with a normal English dictionary but it didn't find anything
> (each word was truncated to the 8th char and ".exe" was appended)...

If you're looking for the 8.3 version of the file, it would normally be
123456~1.exe, not 12345678.exe.  Is that what you tried?

You might also try the full word, as it's possible to disable 8.3
support, or change the default truncation from ~1.

                                        Ryan
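
Added example, not part of the original message: a simplified Python model of the default 8.3 alias derivation described above, for auditing which files in a listing of your own web root are also reachable under a short name. It assumes default settings and the creation order given, models only the ~1 to ~4 numbering (not the hash-based names Windows uses after that), and the function names and sample file names are constructed.

```python
import re

# Characters legal in long names but not in 8.3 names; replaced with "_".
_ILLEGAL_83 = re.compile(r'[+,;=\[\]]')

def _clean(part):
    # Spaces and embedded dots are dropped, the rest is upper-cased.
    part = part.replace(" ", "").replace(".", "")
    return _ILLEGAL_83.sub("_", part).upper()

def short_alias(name, index=1):
    """Expected 8.3 alias for `name`, or None when the name already fits 8.3
    and therefore has no separate alias."""
    stem, dot, ext = name.rpartition(".")
    if not dot or not stem:          # no extension, or a leading-dot name
        stem, ext = name, ""
    base, ext3 = _clean(stem), _clean(ext)[:3]
    fits = (len(stem) <= 8 and len(ext) <= 3
            and base == stem.upper() and _clean(ext) == ext.upper())
    if fits:
        return None
    alias = base[:6] + "~" + str(index)
    return alias + ("." + ext3 if ext3 else "")

def audit(names):
    """Map each long name to its expected alias, numbering collisions in the
    order given. None means a hash-based alias this model does not cover."""
    counts, report = {}, {}
    for name in names:
        first = short_alias(name)
        if first is None:
            continue                 # name is already 8.3, nothing extra exposed
        counts[first] = counts.get(first, 0) + 1
        n = counts[first]
        report[name] = short_alias(name, n) if n <= 4 else None
    return report

# Constructed sample listing, not taken from any real server.
SAMPLE = ["administrator.exe", "administration.exe", "password.exe",
          "backup.html", "my file.txt"]

if __name__ == "__main__":
    for long_name, alias in audit(SAMPLE).items():
        print(f"{long_name:22} -> {alias}")
```

On a real volume, `dir /x` shows the aliases actually assigned, which is the authoritative check.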

