Penetration Testing mailing list archives
Re: password cracker for PCAnywhere and VNC (RFB 003.008)
From: Neil <neil () voidfx net>
Date: Thu, 02 Mar 2006 17:22:35 +0530
3 shool wrote:
Hi, I'm doing a Penetration Test for two servers. Nmap has identified both the servers as Windows 2003 .Net. Both the servers are running a web appilication each, 1 is on Lotus Domino and other on IIS 6.0. The first one looks to be Lotus Domino email server and the other what I found from its webpage is a Datawarehouse from Cognos (BI system). Nessus didn't show any vulnerability on these servers. But these systems have services like VNC and PCAnywhere. So I think Password Cracking at this stage would be the best idea. Could anyone suggest a good tool for password cracking following: 1. PCANywhere 2. VNC 3. Website forms (form based authentication using HTTPS) 4. FTP Await your reply. Thanks in advance.
FTP, best hands down, is THC-Hydra. HTTP, I don't think Hydra will do it, all I can think of off the top of my head is Brutus. Google turns them up easy enough. -- Neil. http://voidfx.net "Sex is like Nokia (connecting people), like Nike (just do it), like Pepsi (ask for more), like Samsung (everyone is invited) and like Philips (let's make things better)." --Anonymous ------------------------------------------------------------------------------ This List Sponsored by: Lancope "Discover the Security Benefits of Cisco NetFlow" Learn how Cisco NetFlow enables cost-effective security across distributed enterprise networks. StealthWatch, the veteran Network Behavior Analysis (NBA) and Response solution, leverages Cisco NetFlow to provide scalable, internal network security. Download FREE Whitepaper "Role of Network Behavior Analysis (NBA) and Response Systems in the Enterprise." http://www.lancope.com/resource/ ------------------------------------------------------------------------------
Current thread:
- password cracker for PCAnywhere and VNC (RFB 003.008) 3 shool (Mar 01)
- Re: password cracker for PCAnywhere and VNC (RFB 003.008) Idan Deshe (Mar 02)
- Message not available
- Re: password cracker for PCAnywhere and VNC (RFB 003.008) 3 shool (Mar 02)
- Re: password cracker for PCAnywhere and VNC (RFB 003.008) tcpandip (Mar 03)
- Re: password cracker for PCAnywhere and VNC (RFB 003.008) Christine Kronberg (Mar 06)
- Re: password cracker for PCAnywhere and VNC (RFB 003.008) pagvac (Mar 07)
- Re: password cracker for PCAnywhere and VNC (RFB 003.008) 3 shool (Mar 02)
- Re: password cracker for PCAnywhere and VNC (RFB 003.008) Neil (Mar 02)
- Re: password cracker for PCAnywhere and VNC (RFB 003.008) Sean M. Krause (Mar 02)
- Re: password cracker for PCAnywhere and VNC (RFB 003.008) jmk (Mar 02)
- Re: password cracker for PCAnywhere and VNC (RFB 003.008) 3 shool (Mar 02)
- Re: password cracker for PCAnywhere and VNC (RFB 003.008) Mark Owen (Mar 03)
- Message not available
- Message not available
- Message not available
- Message not available
- Re: password cracker for PCAnywhere and VNC (RFB 003.008) 3 shool (Mar 04)
- Re: password cracker for PCAnywhere and VNC (RFB 003.008) 3 shool (Mar 02)
- Message not available
- Re: password cracker for PCAnywhere and VNC (RFB 003.008) 3 shool (Mar 04)
- Re: password cracker for PCAnywhere and VNC (RFB 003.008) jmk (Mar 04)
- <Possible follow-ups>
- Re: password cracker for PCAnywhere and VNC (RFB 003.008) Marco Ivaldi (Mar 03)