Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

SV: thc-pptp-bruter problem?

From: "Carl-Johan Bostorp" <carl-johan.bostorp () hps se>
Date: Tue, 14 Feb 2006 10:01:38 +0100
Yes, I tested it against a WatchGuard Firebox 700 about 4 months ago and as for you, it failed. Unless I'm confusing 
things with ssh2 now (which also failed against OpenSSH 3.8.1p1), I traced it down in the source to a segment of code 
(it landed there for some reason, and then got stuck) but my work kind of stopped there as I found the code hard to 
understand (and that in turn may be 'cause I don't know much about the workings of PPTP). At that time I thought it 
would be easier to build my own PPTP-bruter the day I needed it, borrowing code from pptpconfig. 

Nice to know it does work against MS Windows though :)

/C-J 

-----Ursprungligt meddelande-----
Från: Marco Ivaldi [mailto:raptor () 0xdeadbeef info] 
Skickat: den 13 februari 2006 11:29
Till: pen-test () securityfocus com
Ämne: thc-pptp-bruter problem?

Hey pen-testers,

Since i wasn't able to directly email people at thc.org [1], i'm writing here. Just wanted to share some kinda weird 
problems i'm currently experiencing with thc-pptp-bruter v0.1.4.

It seems to work flawlessly against Windows:

# cat test | thc-pptp-bruter x.x.x.x
Hostname 'xxx', Vendor 'Microsoft Windows NT', Firmware: 2195
5 passwords tested in 0h 00m 00s (5.00 5.00 c/s)
9 passwords tested in 0h 00m 02s (1.82 4.50 c/s) [...]

But at least against Cisco VPN 3000 Concentrator and WatchGuard it presents the following behaviour:


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: