From: kp (kp@closed-networks.com)
Date: Wed May 15 2002 - 05:49:39 EDT
Errr - sledgehammer & walnut anyone?
What's the point in implementing networking just to do a bruteforce
crack on a *serial* connection? Has the world gone mad? Is it *really*
that hard to write a bruteforcer in C or script language?
I'm not having a go, it just strikes me as a bit of overkill, considering
you *used* to be able to get a bruteforcer for the KX-TD 1232 at pbxsoftware.com (incidentally I may have the archive somewhere so mail me if you urgently
require it) and you could write a cracker in Telix script in under 20 lines.
The KX-TD allows infinite password attempts from what I recall and I also
seem to remember it's either a 5 or 7 digit password (default 12345..)
My home-rolled script can crack one in under an hour over dialup at
which point you just roll on in with Programmator.
Nice to see a PBX saying "Welcome" at login :)
KP
On Mon, May 13, 2002 at 10:55:55PM +0100, Lists wrote:
> If you could somehow get it attached to the network (e.g. use nc to connect
> the serial port to a listening "socket") you could then try something like
> brutus (http://www.hoobie.net/brutus/) and a word list, i think LC3
> (http://www.atstake.com) had a nice one. I had to do something similar once,
> and i used a linux console server program to allow me to "telnet" to the
> serial port, you might even be able to fudge something together with a copy
> of minicom if you have a linux box to hand - then just point brutus at it.
>
>
> ----- Original Message -----
> From: <CMichal@oracular.com>
> To: <pen-test@securityfocus.com>
> Sent: Monday, May 13, 2002 7:24 PM
> Subject: Serial Connection Password Cracker.
>
>
> > I'm looking for a program that can do a dictionary based attack on a
> > device that is connected to a laptop via com port, serial port.
> > Its a piece of hardware that has no lockout after successive bad
> > passwords and there is no delay between try's.
> > If there isn't a cracking program out there with this capability I guess
> > I will have to write some software that will do it.
> >
> > Its a Panasonic KX-TVS75 phone system to be exact, I have the piece of
> > hardware in my possession but I forgot the console password.
> >
> > -C
> >
> >
> > --------------------------------------------------------------------------
> --
> > This list is provided by the SecurityFocus Security Intelligence Alert
> (SIA)
> > Service. For more information on SecurityFocus' SIA service which
> > automatically alerts you to the latest security vulnerabilities please
> see:
> > https://alerts.securityfocus.com/
> >
> >
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/
>
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:21 EDT