Re: password cracker for PCAnywhere and VNC (RFB 003.008)

[Christine Kronberg <Christine_Kronberg () genua de>]

On Thu, 2 Mar 2006, 3 shool wrote:
> Thank you all for your emails.
>
> Just to elaborate more on my earlier email, what I'm looking for is a
> Remote Password Cracker. Cain & Able I think will not help me in this
> case, as I can't sniff also. These servers are on Internet.
>
> I'll try hydra although it has its own limitations. I tried Brutus but
> it doesn't do VNC or PCAnywhere password cracking.
>
> Does anyone know of good username/password lists for dictionary attack?

  Be careful. Do some calculating first. I've done a similar attack for
  a customer a short while back. My initial username/password files turned
  out to be too comprehensive (the whole attack would have run about 4
  years). Instead I used google to search for persons working for the
  customer to get a list of possible usernames. Then I stripped down
  my password dictionary to meet my and the customers requirements (the
  attack must not run 4 years - 5 hours are enough).
  It was a shot in the dark. I agree with the other posting: try to
  get information about the username/password policy of the customer.
  That will help more than the poking I did.

  Cheers,


                                                  Christine Kronberg.

------------------------------------------------------------------------------
This List Sponsored by: Lancope

"Discover the Security Benefits of Cisco NetFlow"
Learn how Cisco NetFlow enables cost-effective security across distributed 
enterprise networks. StealthWatch, the veteran Network Behavior Analysis (NBA) 
and Response solution, leverages Cisco NetFlow to provide scalable, 
internal network security. 
Download FREE Whitepaper "Role of Network Behavior Analysis (NBA) and Response 
Systems in the Enterprise."

http://www.lancope.com/resource/
------------------------------------------------------------------------------