Penetration Testing mailing list archives
TS Grinder
From: "Thor" <thor () hammerofgod com>
Date: Thu, 9 Oct 2003 10:31:02 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greetings Security Professionals: I need to make a correction to an earlier post where I announced the new version of TSGrinder. I posted: "One cool thing is that even if you lock out an account, you can continue to BF it; since the RDP logon is an extension of the normal console logon, you can tell when you get valid creds by the "your account is locked out" message as opposed to the normal "bad username and password" message." As Eliot Mansfield pointed out in an email to me, this is not correct. You can only determine if you have ascertained a correct username, but not the password, as you get the "locked out" message whether you enter a correct password or not- this is case for Win2k, Win2k3, and XP. I should have tested this better before posting, and I apologize for dispensing incorrect information. Thanks to Eliot for correcting me. Cheers, AD -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 iQA/AwUBP4Wa9IhsmyD15h5gEQJO3ACgsbGiwrkZT1L3sUsHcOBZn6ze8h8AoPLl ivPEEoEFEDIvgAJpX/yMH4Qe =Va0g -----END PGP SIGNATURE----- --------------------------------------------------------------------------- Tired of constantly searching the web for the latest exploits? Tired of using 300 different tools to do one job? Get CORE IMPACT and get some rest. www.coresecurity.com/promos/sf_ept2 ----------------------------------------------------------------------------
Current thread:
- TS Grinder Thor (Oct 09)