Penetration Testing mailing list archives

Re: Pentesting Openmail Web login

From: "Rodrigo Montoro (Sp0oKeR)" <spooker () gmail com>
Date: Fri, 25 May 2007 17:26:41 -0300

Webfuzz it's nice to bruteforce it =)


Wfuzz is a tool designed for bruteforcing Web Applications, it can be
used for finding resources not linked (directories, servlets, scripts,
etc), bruteforce GET and POST parameters for checking different kind
of injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters
(User/Password), Fuzzing,etc.

http://www.edge-security.com/wfuzz.php

Regards,


On 5/23/07, s-williams () nyc rr com <s-williams () nyc rr com> wrote:

I am task with testing user accounts on our mail system. We currently have two systems Exchange, and OpenMail for Linux 
which is on the DMZ. We are interested in finding out how easy it might be for someone to guess the password of one or 
our users account.

And if the are sucessful what can the do on the linux box, with that username and password.

We have a main site with a link to the webmail system from there, ifi want to test this which tool might be the best 
for doing this since its a link and not the main page?

Thanks in advance
"A wise man ask questions, a fool is afraid of knowledge"

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------



--
"If you are not part of solution,
you are part of the problem."

=========================
    Rodrigo Ribeiro Montoro
BRConnection  Security  Team
      spooker () brc com br
           RHCE/LPIC-I
=========================

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

Current thread:

Pentesting Openmail Web login s-williams (May 23)
- Re: Pentesting Openmail Web login Rodrigo Montoro (Sp0oKeR) (May 25)
- <Possible follow-ups>
- Re: Pentesting Openmail Web login s-williams (May 23)
  - Re: Pentesting Openmail Web login Brent Wolfram (May 23)
  - Re: Pentesting Openmail Web login Tremaine Lea (May 23)
    - Re: Pentesting Openmail Web login sherwyn . williams (May 24)
  - RE: Pentesting Openmail Web login Clemens, Dan (May 24)
    - RE: Pentesting Openmail Web login Marco Ivaldi (May 25)
    - Re: Pentesting Openmail Web login Bojan Zdrnja (May 25)
  - Re: Pentesting Openmail Web login pagvac (May 29)
    - Re: Pentesting Openmail Web login rajat swarup (May 30)