Penetration Testing mailing list archives
Re: BruteForcing?
From: Paolo Scarabelli <paolo () msw it>
Date: Tue, 17 Oct 2006 22:06:49 +0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi there... Maybe you can try Expect: http://expect.nist.gov/ - From the website: "Expect is a tool for automating interactive applications such as telnet, ftp, passwd, fsck, rlogin, tip, etc. Expect really makes this stuff trivial. Expect is also useful for testing these same applications. And by adding Tk, you can also wrap interactive applications in X11 GUIs. Expect can make easy all sorts of tasks that are prohibitively difficult with anything else. You will find that Expect is an absolutely invaluable tool - using it, you will be able to automate tasks that you've never even thought of before - and you'll be able to do this automation quickly and easily." Regards, Paolo.
-----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]On Behalf Of 09sparky () gmail com Sent: Sunday, October 15, 2006 12:03 PM To: pen-test () securityfocus com Subject: BruteForcing? This is more of a general brute forcing question, but one which I could use some assistance. I am attempting to brute force some telnet sessions (Cisco Routers - CISCO IOS 12.2 and IOS 12.3(8), Cisco 1721 router). When telnet'ing in, it only prompts me for a PW (Not a username). It has a 3 attempts disconnect, so I get disconnected and have to reconnect. My question is: How and what tool should I use to try and brute force (dictionary attack) this session? I have tried Hydra, but when I get disconnected (after 3 attempts), it tells me it is "finished". Not sure if there is a way to make it reconnect. Is there a better tool or other techniques that would work better? Second question: Brute forcing also, but against WebPages. For example, a Cisco 3000 VPN Concentrator, I have the webpage asking for username/password. How would I attempt to dictionary attack this? Thanks, Sparky
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFFNON5qAaEpZvj+VMRAtqkAKCfmdx7LiyLZ03PzbVyruD6gNX69gCeNJo0 YBf3lK5fcRu5KJrcEm1CLNI= =xg8u -----END PGP SIGNATURE----- ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- BruteForcing? 09sparky (Oct 16)
- Re: BruteForcing? Fab (Oct 16)
- Re: BruteForcing? Jeremy Saintot (Oct 17)
- Re: BruteForcing? Christine Kronberg (Oct 17)
- <Possible follow-ups>
- RE: BruteForcing? Hagen, Eric (Oct 16)
- Re: BruteForcing? Paolo Scarabelli (Oct 17)
- RE: BruteForcing? Troy Fletcher (Oct 17)
- Re: BruteForcing? Rogan Dawes (Oct 18)
- RE: BruteForcing? Troy Fletcher (Oct 17)
- RE: BruteForcing? Hagen, Eric (Oct 17)