Penetration Testing mailing list archives

Re: Brute force web/ftp/telnet tool

From: Josha Bronson <dmuz () slartibartfast angrypacket com>
Date: Wed, 12 Sep 2001 11:15:55 -0700

On Wed, Sep 12, 2001 at 08:49:59AM -0700, Craig Duerr (Anaheim) said:

Can anyone recommend a brute force password tool for use with a web page,
ftp or telnet account? I would like to demonstrate to my developers the
amount of time it takes to get into a system with weak passwords and zero
logging.


http://packetstormsecurity.org/Crackers/

You should be able to find any number of brute force tools for many
protocols there, including telnet, http, smtp and others.

Of course, your brute force attack is only as good as your dictionary.
May I also suggest the CERIAS ftp archive for putting together a nice
dictionary for brute force attacks.

ftp://ftp.cerias.purdue.edu/pub/dict/

-- 
josha.bronson(aka->dmuz) >> dmuz () angrypacket com
networks/systems/security && CCNA, RHCE 
josha.net || dmuz.angrypacket.com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

Brute force web/ftp/telnet tool Craig Duerr (Anaheim) (Sep 12)
- Re: Brute force web/ftp/telnet tool Josha Bronson (Sep 12)
- Re: Brute force web/ftp/telnet tool Jose Nazario (Sep 12)
- Re: Brute force web/ftp/telnet tool José J. Cintrón (Sep 12)
- <Possible follow-ups>
- Re: Brute force web/ftp/telnet tool JAnsari (Sep 12)
  - Re: Brute force web/ftp/telnet tool Meritt James (Sep 13)