Penetration Testing mailing list archives
Re: password cracker for PCAnywhere and VNC (RFB 003.008)
From: Marco Ivaldi <raptor () 0xdeadbeef info>
Date: Fri, 3 Mar 2006 13:34:29 +0100 (CET)
On Thu, 2 Mar 2006, 3 shool wrote:
Looking forward to some more stuff from your side.
Speaking about FTP, you may also want to check out my small brutus.pl script. It's not particularly performing compared to the excellent Hydra and Medusa, but in some environments i found it to be more robust and comfortable to use. You can download it here: http://www.0xdeadbeef.info/code/brutus.pl Moreover, an IMHO interesting feature the others lack is the ability to grab valid usernames through SMTP VRFY/EXPN, SMTP RCPT (useful with some widespread Sendmail configurations) and Cisco IOS (mis)configured to inform if the entered username exists on the system. I'm planning to add some more capabilities in the (hopefully not too far;) future, like: user enumeration trough Apache ~user HTTP GETs, support for password-only login services (Cisco, Ascend, etc.), HTTP Basic Auth, Finger, etc. PS. Someone mentioned SSH2 password bruteforcing: you should take a look at the impressive guess-who tool written by Stealth. Ciao, -- Marco Ivaldi Antifork Research, Inc. http://0xdeadbeef.info/ 3B05 C9C5 A2DE C3D7 4233 0394 EF85 2008 DBFD B707 ------------------------------------------------------------------------------ This List Sponsored by: Lancope "Discover the Security Benefits of Cisco NetFlow" Learn how Cisco NetFlow enables cost-effective security across distributed enterprise networks. StealthWatch, the veteran Network Behavior Analysis (NBA) and Response solution, leverages Cisco NetFlow to provide scalable, internal network security. Download FREE Whitepaper "Role of Network Behavior Analysis (NBA) and Response Systems in the Enterprise." http://www.lancope.com/resource/ ------------------------------------------------------------------------------
Current thread:
- Re: password cracker for PCAnywhere and VNC (RFB 003.008), (continued)
- Re: password cracker for PCAnywhere and VNC (RFB 003.008) Christine Kronberg (Mar 06)
- Re: password cracker for PCAnywhere and VNC (RFB 003.008) pagvac (Mar 07)
- Re: password cracker for PCAnywhere and VNC (RFB 003.008) Neil (Mar 02)
- Re: password cracker for PCAnywhere and VNC (RFB 003.008) Sean M. Krause (Mar 02)
- Re: password cracker for PCAnywhere and VNC (RFB 003.008) jmk (Mar 02)
- Re: password cracker for PCAnywhere and VNC (RFB 003.008) 3 shool (Mar 02)
- Re: password cracker for PCAnywhere and VNC (RFB 003.008) Mark Owen (Mar 03)
- Message not available
- Message not available
- Message not available
- Message not available
- Re: password cracker for PCAnywhere and VNC (RFB 003.008) 3 shool (Mar 04)
- Re: password cracker for PCAnywhere and VNC (RFB 003.008) 3 shool (Mar 02)
- Message not available
- Re: password cracker for PCAnywhere and VNC (RFB 003.008) 3 shool (Mar 04)
- Re: password cracker for PCAnywhere and VNC (RFB 003.008) jmk (Mar 04)