From: Bénoni MARTIN (Benoni.MARTIN@libertis.ga)
Date: Wed Mar 02 2005 - 09:59:29 EST
BTW, there is an exploit for your Ipswitch here : http://www.thc.org/exploits.php
-----Message d'origine-----
De : Mailinglisten [mailto:mozilla@ids-guide.de]
Envoyé : mercredi 2 mars 2005 11:05
À : Sekurity Wizard
Cc : pen-test@securityfocus.com
Objet : Re: Pen testing a very small network
Maybe you can try THCs PPTP Brute Forcer (www.thc.org), if you have a valid username that is used here ;-).
cheers
Michael
SW> Hey y'all,
SW> I'm doing a pen test for a very small client, and I've found
SW> basically that they're behind a very ghetto IDS which will forever
SW> auto-block you if you port-scan them, haha, that aside, I find all
SW> Microsoft Server 2003 based stuff. Here's a litany of what I've
SW> found, perhaps you can make some recommendations?
SW> - IIS/6.0 as the web server
SW> - MS VPN -pptp (tcp/1723) open
SW> - Ipswitch WS_FTPd 5.0.4 running with the "ssl vpn" option *only*
SW> - IMAP open
SW> - MS Exchange OWA running at http://xxx.xxx.xxx/exchange (using
SW> basic
SW> auth!)
SW> I guess I have some specifics - as far as questions go. I've got a
SW> linux box I can ssh to and pen test from (since they've blocked my
SW> regular Source IPs). Is there a linux-cmd line script that'll cycle
SW> through and attempt to brute-force a password for a username I
SW> already know?
SW> What about the Ipswitch WS_FTPd running? I know 5.0.3 is vulnerable
SW> to a bunch of stuff, but does anyone have any recommendations for 5.0.4?
SW> Anyway - thanks.
SW> Cheers.
SW> \\`izard
-- Mit freundlichen Grüßen Mailinglisten mailto:mozilla@ids-guide.de
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:17 EDT