From: Neil (neil@voidfx.net)
Date: Thu Mar 02 2006 - 06:52:35 EST
3 shool wrote:
> Hi,
>
> I'm doing a Penetration Test for two servers. Nmap has identified both
> the servers as Windows 2003 .Net. Both the servers are running a web
> appilication each, 1 is on Lotus Domino and other on IIS 6.0. The
> first one looks to be Lotus Domino email server and the other what I
> found from its webpage is a Datawarehouse from Cognos (BI system).
>
> Nessus didn't show any vulnerability on these servers. But these
> systems have services like VNC and PCAnywhere. So I think Password
> Cracking at this stage would be the best idea.
>
> Could anyone suggest a good tool for password cracking following:
> 1. PCANywhere
> 2. VNC
> 3. Website forms (form based authentication using HTTPS)
> 4. FTP
>
> Await your reply.
>
> Thanks in advance.
>
FTP, best hands down, is THC-Hydra.
HTTP, I don't think Hydra will do it, all I can think of off the top of
my head is Brutus.
Google turns them up easy enough.
-- Neil. http://voidfx.net "Sex is like Nokia (connecting people), like Nike (just do it), like Pepsi (ask for more), like Samsung (everyone is invited) and like Philips (let's make things better)." --Anonymous ------------------------------------------------------------------------------ This List Sponsored by: Lancope "Discover the Security Benefits of Cisco NetFlow" Learn how Cisco NetFlow enables cost-effective security across distributed enterprise networks. StealthWatch, the veteran Network Behavior Analysis (NBA) and Response solution, leverages Cisco NetFlow to provide scalable, internal network security. Download FREE Whitepaper "Role of Network Behavior Analysis (NBA) and Response Systems in the Enterprise." http://www.lancope.com/resource/ ------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:35 EDT