Re: Pen testing a very small network

[xyberpix <xyberpix () xyberpix com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>         
- - IIS/6.0 as the web server

Google!

- - MS VPN -pptp (tcp/1723) open

Not sure, but look

- - Ipswitch WS_FTPd 5.0.4 running with the "ssl vpn" option *only*

Google

- - IMAP open

Probably

- - MS Exchange OWA running at http://xxx.xxx.xxx/exchange (using basic
auth!)

Yes.

>  Is there a linux-cmd line script that'll cycle
> through and attempt to brute-force a password for a username I already
> know?

THC-Hydra

> What about the Ipswitch WS_FTPd running?

Google+exploits+WS_FTPd

> Anyway - thanks.
>
> Cheers.
>
> \\`izard

Research! Learn it, take it in, use it

Sorry if this is a bit harsh, but learn to look around, I had to!

xyberpix


>
For Security And Open Source News And Info Visit:
http://www.xyberpix.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFCJPVjcRMkOnlkwMERAqVKAJ0ZSITc+dDaBefTVALaVja7no12rgCcClmK
e80lZs71Ny8NC4g7gtt4ETk=
=CwBo
-----END PGP SIGNATURE-----