Penetration Testing mailing list archives
RE: Password cracker tool
From: "Walsh, Leo" <Leo_Walsh () jeffersonwells com>
Date: Mon, 29 Jan 2007 09:54:17 -0600
For interaction with a web site (items 1 and 3 from your e-mail) there are some simple tools you can use: Microsoft's Web App Stress Kit, Burp Proxy or Wget. I don't have any experience customizing Burp Proxy to cycle through a list of username's and passwords but I think it can do it. Overall it's a great tool. The Web App Stress Kit is easy to customize in my experience. If you are wanting to validate that a Windows account isn't one of the defaults then you can use pwdump2 to get the hashes and then use John or Cain & Able to test the hashes against your dictionary. -Leo Walsh Jefferson Wells International TRM Professional -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Milind Nanal Sent: Monday, January 29, 2007 12:09 AM To: pen-test () securityfocus com Subject: Password cracker tool Dear list, I am looking for password dictionary / brute force / hybrid password cracker tool. I have default set of user name & password using which I want to check my network for below scenarios. 1) Try default user/password on web logon service on all network management device on the subnet 2) Try default password on all Windows exchange server domain account. 3) Try default user/password on all network printer management web logon. The tool should be run on Windows / MS DOS systems. I can have preferably common tool or separate tools for each scenario. This will help auditing weak password management within LAN. Regards, Milind Disclaimer: This e-mail may contain Privileged/Confidential information and is intended only for the individual(s) named. Please notify the sender, if you have received this e-mail by mistake and delete it from your system. Information in this message that do not relate to the official business of the company shall be understood as neither given nor endorsed by it. E-mail transmission cannot be guaranteed to be secure or error-free. The sender does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. Visit us at www.kaleconsultants.com ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016 00000008bOW ------------------------------------------------------------------------ ----------------------------------------- ******* Internet Email Confidentiality ******* The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that it is strictly prohibited (a) to disseminate, distribute or copy this communication or any of the information contained in it, or (b) to take any action based on the information in it. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- Password cracker tool Milind Nanal (Jan 28)
- RE: Password cracker tool Robert Belk (Jan 29)
- Re: Password cracker tool Manuel Arostegui Ramirez (Jan 29)
- RE: Password cracker tool Jose Luis Flores (Jan 30)
- Re: Password cracker tool crazy frog crazy frog (Jan 30)
- <Possible follow-ups>
- RE: Password cracker tool Walsh, Leo (Jan 29)
- RE: Password cracker tool Milind Nanal (Jan 30)
- RE: Password cracker tool Balasubramanian M. (IT) (Jan 30)