From: Jeffrey M.Miller CISSP (jmiller@acumeninfosec.com)
Date: Tue Dec 14 2004 - 10:10:03 EST
Thanks everyone for your responses...
I guess I've been missing large parts of nessus's abilities!
I've installed 2.2.2a and Hydra... now I just need to figure out how to
get them to work together.
Has anyone looked at the new nessus book available on Amazon? Just
wondering if it would be helpful.
J_
On Dec 14, 2004, at 6:25 AM, Dan Connelly wrote:
> Internet Scanner does a good job of enumerating accounts on a Windows
> Domain(using netbios and null sessions) but if you tried to brute
> force/dictionary every account that it found the scan would take a
> VERY long time to complete. If you are trying to pw crack through a
> service (ftp,telnet,http...), use hydra otherwise use LC or John the
> Ripper.
> BTW, Nessus also does a good job enumerating accounts, and its free ;)
> Dan
>
>
>
>
> On Mon, 13 Dec 2004 19:10:29 -0600, Jeffrey M. Miller CISSP
> <jmiller@acumeninfosec.com> wrote:
>> I've used Internet Security Scanner from ISS and really like it's
>> ability to pull users from NT domains and test common passwords, such
>> as username=password, password=password, etc.
>>
>> I've considered purchasing the consultant version of l0phtcrack LC5.
>>
>> Has anyone used LC5 and can anyone compare it to ISS? Also are there
>> any OpenSource tools that can do these sorts of checks?
>>
>> Thanks
>>
>> J_
>>
>>
>
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:10 EDT