Penetration Testing mailing list archives
Re: Pen-test Freesshd 1.10
From: "Jamie Riden" <jamesr () europe com>
Date: Sat, 23 Dec 2006 07:54:18 +1300
On 22/12/06, Saehrig, Steven <ssaehrig () jeffersonradiology com> wrote:
> Hello all,
>
> This is the first time sending to the list. I would like to know some way to pen-test an sftp server I have set up on our network. I have tried nmap for open ports and I have tried metasploit for buffer overflows that I found on Google. Are there any programs or tricks I should know to try and break into this? I am basically proving the security of the application for production use.
>
> Thank you for any advice you can give me.

The last couple of SSH compromises I've seen were all through the use of insecure passwords - e.g. upload/upload. Have you tried a dictionary attack against the more common user names?

cheers,
Jamie

--
Jamie Riden, CISSP / jamesr () europe com / jamie.riden () gmail com
NZ Honeynet project - http://www.nz-honeynet.org/

Current thread:
- Pen-test Freesshd 1.10 Saehrig, Steven (Dec 21)
- RE: Pen-test Freesshd 1.10 Clemens, Dan (Dec 22)
- Re: Pen-test Freesshd 1.10 Jamie Riden (Dec 22)