Re: password cracker for PCAnywhere and VNC (RFB 003.008)

From: Marco Ivaldi (raptor@0xdeadbeef.info)
Date: Fri Mar 03 2006 - 07:34:29 EST


On Thu, 2 Mar 2006, 3 shool wrote:

> Looking forward to some more stuff from your side.

Speaking about FTP, you may also want to check out my small brutus.pl
script. It's not particularly performing compared to the excellent Hydra
and Medusa, but in some environments I found it to be more robust and
comfortable to use. You can download it here:

http://www.0xdeadbeef.info/code/brutus.pl

Moreover, an IMHO interesting feature the others lack is the ability to
grab valid usernames through SMTP VRFY/EXPN, SMTP RCPT (useful with some
widespread Sendmail configurations) and Cisco IOS (mis)configured to
inform if the entered username exists on the system.

I'm planning to add some more capabilities in the (hopefully not too far;)
future, like: user enumeration through Apache ~user HTTP GETs, support for
password-only login services (Cisco, Ascend, etc.), HTTP Basic Auth,
Finger, etc.

PS. Someone mentioned SSH2 password bruteforcing: you should take a look
at the impressive guess-who tool written by Stealth.

Ciao,

-- 
Marco Ivaldi
Antifork Research, Inc.   http://0xdeadbeef.info/
3B05 C9C5 A2DE C3D7 4233  0394 EF85 2008 DBFD B707
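
The SMTP VRFY/EXPN and RCPT username harvesting mentioned in the message above shows up server-side as one client probing many distinct names and mostly getting rejections. The following detection sketch is an added example, not part of the original post or of brutus.pl; the log format, addresses and thresholds are constructed assumptions, and real MTA logs need their own parser.

```python
import re
from collections import defaultdict

# Constructed sample in a hypothetical "client command argument reply-code"
# format (assumption: one line per SMTP command, with the server's reply code).
SAMPLE_LOG = """\
203.0.113.7 VRFY root 250
203.0.113.7 VRFY admin 550
203.0.113.7 VRFY oracle 550
203.0.113.7 EXPN staff 550
203.0.113.7 RCPT <test@example.org> 550
203.0.113.7 RCPT <backup@example.org> 550
198.51.100.20 RCPT <alice@example.org> 250
198.51.100.20 RCPT <bob@example.org> 250
198.51.100.20 RCPT <alcie@example.org> 550
"""

# Captures client, command, local part (domain and angle brackets dropped), reply.
LINE_RE = re.compile(r"^(\S+)\s+(VRFY|EXPN|RCPT)\s+<?([^@>\s]+)\S*\s+(\d{3})$")

def find_enumeration(log_text, min_names=5, min_reject_ratio=0.5):
    """Return {client: summary} for clients that probed at least min_names
    distinct names and had at least min_reject_ratio of them rejected (5xx)."""
    probes = defaultdict(dict)  # client -> {name: last reply code seen}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a recipient-related command, or malformed line
        client, _cmd, name, code = m.groups()
        probes[client][name.lower()] = int(code)

    findings = {}
    for client, names in probes.items():
        rejected = sum(1 for c in names.values() if 500 <= c < 600)
        if len(names) >= min_names and rejected / len(names) >= min_reject_ratio:
            findings[client] = {
                "distinct_names": len(names),
                "rejected": rejected,
                # Names the server confirmed with 250: accounts now known to the prober.
                "confirmed": sorted(n for n, c in names.items() if c == 250),
            }
    return findings

if __name__ == "__main__":
    for client, summary in find_enumeration(SAMPLE_LOG).items():
        print(client, summary)
```

The "confirmed" list is the part to act on: those accounts were disclosed by differing server replies, which is what disabling VRFY/EXPN or returning uniform responses removes.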

