Penetration Testing mailing list archives
RE: Pen testing a very small network
From: Bénoni MARTIN <Benoni.MARTIN () libertis ga>
Date: Wed, 2 Mar 2005 15:59:29 +0100
BTW, there is an exploit for your Ipswitch here : http://www.thc.org/exploits.php -----Message d'origine----- De : Mailinglisten [mailto:mozilla () ids-guide de] Envoyé : mercredi 2 mars 2005 11:05 À : Sekurity Wizard Cc : pen-test () securityfocus com Objet : Re: Pen testing a very small network Maybe you can try THCs PPTP Brute Forcer (www.thc.org), if you have a valid username that is used here ;-). cheers Michael SW> Hey y'all, SW> I'm doing a pen test for a very small client, and I've found SW> basically that they're behind a very ghetto IDS which will forever SW> auto-block you if you port-scan them, haha, that aside, I find all SW> Microsoft Server 2003 based stuff. Here's a litany of what I've SW> found, perhaps you can make some recommendations? SW> - IIS/6.0 as the web server SW> - MS VPN -pptp (tcp/1723) open SW> - Ipswitch WS_FTPd 5.0.4 running with the "ssl vpn" option *only* SW> - IMAP open SW> - MS Exchange OWA running at http://xxx.xxx.xxx/exchange (using SW> basic SW> auth!) SW> I guess I have some specifics - as far as questions go. I've got a SW> linux box I can ssh to and pen test from (since they've blocked my SW> regular Source IPs). Is there a linux-cmd line script that'll cycle SW> through and attempt to brute-force a password for a username I SW> already know? SW> What about the Ipswitch WS_FTPd running? I know 5.0.3 is vulnerable SW> to a bunch of stuff, but does anyone have any recommendations for 5.0.4? SW> Anyway - thanks. SW> Cheers. SW> \\`izard -- Mit freundlichen Grüßen Mailinglisten mailto:mozilla () ids-guide de
Current thread:
- Pen testing a very small network Sekurity Wizard (Mar 01)
- Re: Pen testing a very small network Mailinglisten (Mar 02)
- Re: Pen testing a very small network Josh Zlatin-Amishav (Mar 02)
- <Possible follow-ups>
- RE: Pen testing a very small network Bénoni MARTIN (Mar 02)