Penetration Testing mailing list archives

Re: [PEN-TEST] RDS exploit simulation

From: Mordechai Ovits <movits () OVITS NET>
Date: Mon, 18 Sep 2000 12:16:44 -0400

On Mon, Sep 18, 2000 at 11:14:29AM -0400, Oliver Petruzel wrote:


Also, can anyone recommend a good pre-existing IMAP or POP vuln script
and simulation config?


Do you mean brute force password guessing, or sniffing the plaintext
password off the wire?

For sniffing the password, use either ethereal or dsniff.

For brute forcing, perl and python have libraries for doing imap and pop.
It's about 20 minutes of coding to get it right.

Mordy

Current thread:

[PEN-TEST] RDS exploit simulation Oliver Petruzel (Sep 18)
- Re: [PEN-TEST] RDS exploit simulation Mordechai Ovits (Sep 18)
- Re: [PEN-TEST] RDS exploit simulation Johan Persson (Sep 18)
- <Possible follow-ups>
- Re: [PEN-TEST] RDS exploit simulation Davidson,Sam (Sep 18)
- Re: [PEN-TEST] RDS exploit simulation Oliver Petruzel (Sep 18)
- Re: [PEN-TEST] RDS exploit simulation Oliver Petruzel (Sep 18)
  - Re: [PEN-TEST] RDS exploit simulation Steve (Sep 19)