Re: PPP authentication brute-force attack?

From: Nikhil Wagholikar (visitnikhil@gmail.com)
Date: Tue Feb 12 2008 - 08:18:45 EST

• Next message: Thor (Hammer of God): "RE: Brute force Remote Desktop"
• Previous message: p1g: "Re: Volatile Worm"
• In reply to: Matheus Michels: "PPP authentication brute-force attack?"
• Next in thread: Matheus Michels: "RE: PPP authentication brute-force attack?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hello Matheus,

Sandstrom Enterprise's PhoneSweep is a tool for performing Brute force
attack against a PPP authentication server.

More Information: http://www.sandstorm.net/products/phonesweep/
PhoneSweep FAQ: http://www.sandstorm.net/products/phonesweep/generalfaq.php

---
NIKHIL WAGHOLIKAR
Information Security Analyst
NII Consulting
Web: http://www.niiconsulting.com/
Security Products: http://www.niiconsulting.com/products.html
On 2/11/08, Matheus Michels <matheusf_michels@hotmail.com> wrote:
>
> Does anybody know a tool to perform brute force or dictionary attacks against a PPP (PAP and/or CHAP) authentication server? Yes, I'm very familiar with Hydra, but neither it nor Medusa have support for PPP.
>
> I know that such a tool would actually call pppd to perform the attack. So, I even tried to write a shell script to read passwords from a file and call pppd for each one, but as I'm a very bad programmer I could not make nothing useful :(
>
> In my case, I'm trying to audit an PPPoE PAP server.
>
> _________________________________________________________________
> Connect and share in new ways with Windows Live.
> http://www.windowslive.com/share.html?ocid=TXT_TAGHM_Wave2_sharelife_012008
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>
>
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------

• Next message: Thor (Hammer of God): "RE: Brute force Remote Desktop"
• Previous message: p1g: "Re: Volatile Worm"
• In reply to: Matheus Michels: "PPP authentication brute-force attack?"
• Next in thread: Matheus Michels: "RE: PPP authentication brute-force attack?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:24 EDT