Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: BruteForcing?

from [Fab] Network Security [Permanent Link]
Subject: Re: BruteForcing?
Date: Mon, 16 Oct 2006 22:20:43 +0200 
Hi,

You should try the defaults passwords list :
http://www.phenoelit.de/dpl/dpl.html

and try some Cisco hack tool :
http://packetstormsecurity.org/cisco/
(goods results with Cisco Torch & CGE, but steathless ;-) )

Fab

Le dimanche 15 octobre 2006 à 18:03 +0000, 09sparky@gmail.com a écrit :

This is more of a general brute forcing question, but one which I could use 
some assistance.

I am attempting to brute force some telnet sessions (Cisco Routers - CISCO 
IOS 12.2 and IOS 12.3(8), Cisco 1721 router).  When telnet'ing in, it only 
prompts me for a PW (Not a username).  It has a 3 attempts disconnect, so I 
get disconnected and have to reconnect.  

My question is:
How and what tool should I use to try and brute force (dictionary attack) 
this session?
I have tried Hydra, but when I get disconnected (after 3 attempts), it tells 
me it is "finished".  Not sure if there is a way to make it reconnect.  Is 
there a better tool or other techniques that would work better?

Second question: Brute forcing also, but against WebPages.  For example, a 
Cisco 3000 VPN Concentrator, I have the webpage asking for username/password. 
 How would I attempt to dictionary attack this?

Thanks,
Sparky

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------


-- 
http://www.revhosts.org
PGP KeyID: 1E4AEDAC
Fingerprint : CBFE 4767 481C 3252 9611  A42A 3122 7F40 1E4A EDAC


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: unswitched behavior of a switched network..., Nicob
Next by Date:  Re: unswitched behavior of a switched network..., Florian Osses
Previous by Thread:  BruteForcing?, 09sparky
Next by Thread:  Re: BruteForcing?, Jeremy Saintot
Indexes:  [Date] [Thread] [Top] [All Lists]