Penetration Testing mailing list archives
SV: thc-pptp-bruter problem?
From: "Carl-Johan Bostorp" <carl-johan.bostorp () hps se>
Date: Tue, 14 Feb 2006 10:01:38 +0100
Yes, I tested it against a WatchGuard Firebox 700 about 4 months ago and as for you, it failed. Unless I'm confusing things with ssh2 now (which also failed against OpenSSH 3.8.1p1), I traced it down in the source to a segment of code (it landed there for some reason, and then got stuck) but my work kind of stopped there as I found the code hard to understand (and that in turn may be 'cause I don't know much about the workings of PPTP). At that time I thought it would be easier to build my own PPTP-bruter the day I needed it, borrowing code from pptpconfig. Nice to know it does work against MS Windows though :) /C-J -----Ursprungligt meddelande----- Från: Marco Ivaldi [mailto:raptor () 0xdeadbeef info] Skickat: den 13 februari 2006 11:29 Till: pen-test () securityfocus com Ämne: thc-pptp-bruter problem? Hey pen-testers, Since i wasn't able to directly email people at thc.org [1], i'm writing here. Just wanted to share some kinda weird problems i'm currently experiencing with thc-pptp-bruter v0.1.4. It seems to work flawlessly against Windows: # cat test | thc-pptp-bruter x.x.x.x Hostname 'xxx', Vendor 'Microsoft Windows NT', Firmware: 2195 5 passwords tested in 0h 00m 00s (5.00 5.00 c/s) 9 passwords tested in 0h 00m 02s (1.82 4.50 c/s) [...] But at least against Cisco VPN 3000 Concentrator and WatchGuard it presents the following behaviour: ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- thc-pptp-bruter problem? Marco Ivaldi (Feb 13)
- <Possible follow-ups>
- SV: thc-pptp-bruter problem? Carl-Johan Bostorp (Feb 15)