For interaction with a web site (items 1 and 3 from your e-mail) there
are some simple tools you can use: Microsoft's Web App Stress Kit, Burp
Proxy or Wget. I don't have any experience customizing Burp Proxy to
cycle through a list of username's and passwords but I think it can do
it. Overall it's a great tool. The Web App Stress Kit is easy to
customize in my experience.
If you are wanting to validate that a Windows account isn't one of the
defaults then you can use pwdump2 to get the hashes and then use John or
Cain & Able to test the hashes against your dictionary.
-Leo Walsh
Jefferson Wells International
TRM Professional
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Milind Nanal
Sent: Monday, January 29, 2007 12:09 AM
To: pen-test@securityfocus.com
Subject: Password cracker tool
Dear list,
I am looking for password dictionary / brute force / hybrid password
cracker tool.
I have default set of user name & password using which I want to check
my network for below scenarios.
1) Try default user/password on web logon service on all network
management device on the subnet
2) Try default password on all Windows exchange server domain account.
3) Try default user/password on all network printer management web
logon.
The tool should be run on Windows / MS DOS systems. I can have
preferably common tool or separate tools for each scenario.
This will help auditing weak password management within LAN.
Regards,
Milind
Disclaimer:
This e-mail may contain Privileged/Confidential information and is
intended only for the individual(s) named. Please notify the sender, if
you have received this e-mail by mistake and delete it from your system.
Information in this message that do not relate to the official business
of the company shall be understood as neither given nor endorsed by it.
E-mail transmission cannot be guaranteed to be secure or error-free. The
sender does not accept liability for any errors or omissions in the
contents of this message which arise as a result of e-mail transmission.
If verification is required please request a hard-copy version.
Visit us at www.kaleconsultants.com
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016
00000008bOW
------------------------------------------------------------------------
-----------------------------------------
******* Internet Email Confidentiality ******* The information
contained in this message may be privileged and confidential and
protected from disclosure. If the reader of this message is not the
intended recipient, or an employee or agent responsible for
delivering this message to the intended recipient, you are hereby
notified that it is strictly prohibited (a) to disseminate,
distribute or copy this communication or any of the information
contained in it, or (b) to take any action based on the information
in it. If you have received this communication in error, please
notify us immediately by replying to the message and deleting it
from your computer.
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
