Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: broute forcing telnet and ssh

from [Gregory Boyce] Network Security [Permanent Link]
Subject: Re: broute forcing telnet and ssh
Date: Mon, 26 Sep 2005 11:42:37 -0400 (EDT) 
On Sun, 25 Sep 2005, Juan B wrote:

Hi Great List !

I need to boute force my server in the company to
check if it can resist broute forcing ( and check
passwords strange ) the server is open to the to the
internal network in telnet and ssh.

can some one tell me about good tools to check this
issue?


What are you trying to discover by doing this?

I see two possible reasons to brute force SSH or telnet on a server you own.

1) To test passsword strength - If you're an admin on the server, then this method seems kind of round about. You already have access to the encrypted password file, so you're better off just using a tool like john the ripper to test the strength of the passwords. It will be faster than going through SSH or telnet would be.

2) To look for a trojaned sshd - If someone installed a trojan sshd with a backdoor username and password, then you might be able to find it by applying usernames and passwords known to have been used in existing trojans. I would think there would be better ways to do this as well though.

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Anonymize internet access, Jeffrey F. Bloss
Next by Date:  Re: looking for a free Hax decoder, Aaron Phillips
Previous by Thread:  RE: broute forcing telnet and ssh, Meni Milstein
Next by Thread:  Re: broute forcing telnet and ssh, Jeffrey F. Bloss
Indexes:  [Date] [Thread] [Top] [All Lists]