Re: BruteForcing?

[Jeremy Saintot <jeremy () caramiel com>]

Hello,

This does not only apply for Cisco routers, but I think this would be quite 
easy to code such a tool using Perl or another scripting language. It would 
read a dictionary file and send lines to std input, then reconnect after 
three attempts. An idea would be to perform a multi-threaded bruteforce 
attack, have you tried this with Hydra ?

Once again, to bruteforce web forms, you could script and use curl.

Regards,

Jeremy

09sparky () gmail com wrote:
> This is more of a general brute forcing question, but one which I could use some assistance.
>
> I am attempting to brute force some telnet sessions (Cisco Routers - CISCO IOS 12.2 and IOS 12.3(8), Cisco 1721 router).  When telnet'ing in, it only prompts me for a PW (Not a username).  It has a 3 attempts disconnect, so I get disconnected and have to reconnect.  
>
> My question is:
> How and what tool should I use to try and brute force (dictionary attack) this session?
> I have tried Hydra, but when I get disconnected (after 3 attempts), it tells me it is "finished".  Not sure if there is 
> a way to make it reconnect.  Is there a better tool or other techniques that would work better?
>
> Second question: Brute forcing also, but against WebPages.  For example, a Cisco 3000 VPN Concentrator, I have the 
> webpage asking for username/password.  How would I attempt to dictionary attack this?
>
> Thanks,
> Sparky

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------