Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Question on Tsgrinder and Hydra

From: security <security () xentek net>
Date: Wed, 6 Sep 2006 17:42:34 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'd throw -l Administrator at it, and other common account names. Or use your preexisting knowledge of the environment and throw a none good user at it. 

- -em


On Sep 6, 2006, at 3:17 AM, barcajax () gmail com wrote:
I have been tasked with demonstrating how trivial it is to brute force a server running VNC and Terminal Services. 

I have a wordlist that will be used by both tools.
Tried both GUI and CLI versions of Hydra by specifying the protocol (VNC), password file and IP. I have a problem as Hydra keeps prompting me to include the -l switch to include a username to brute force. VNC does not have a user so can someone please tell me what I'm missing in this picture?
I used Tsgrinder against Terminal Services and it worked like a charm. My only question is, does it have a switch to control brute force attempt timing like Hydra does? I don't see one.
---------------------------------------------------------------------- ----- 
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------- ----- 



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)

iD8DBQFE/0DLj8o5VXXdUSwRAln2AKDUTvaeIbpzIPm8AD+mchBQX2QToACfa8cL
AS313+4+s7c/BJSImGJEJmY=
=IkNR
-----END PGP SIGNATURE-----

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: