From: Marco Ivaldi (raptor@mediaservice.net)
Date: Mon Jul 09 2007 - 04:38:43 EDT
On Sat, 7 Jul 2007, StaticRez wrote:
> If the remote box does have port 23 open, then there's some brute
> forcing that can be done with the telnet login. check out "brutus" under
> "Priviledge Escalation" on my tool list for info on brute forcing telnet
> with brutus.
>
> http://www.staticrez.org/toolkit.php
The brutus.pl script (http://www.0xdeadbeef.info/code/brutus.pl) also
supports the following user enumeration methods via SMTP:
1) VRFY/EXPN. Well-known way to enumerate valid usernames, useful with
unsecured SMTP servers.
2) RCPT TO. In some cases, this may be used to perform enumeration of
valid OS usernames (http://seclists.org/pen-test/2007/May/0228.html).
Cheers,
-- Marco Ivaldi, OPST Chief Security Officer Data Security Division @ Mediaservice.net Srl http://mediaservice.net/ ------------------------------------------------------------------------ This List Sponsored by: Cenzic Swap Out your SPI or Watchfire app sec solution for Cenzic's robust, accurate risk assessment and management solution FREE - limited Time Offer http://www.cenzic.com/wf-spi ------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:56 EDT