Re: Default Account scanning

From: Marco Ivaldi (raptor@mediaservice.net)
Date: Tue Mar 04 2008 - 05:06:10 EST


Hey pen-testers,

On Thu, 28 Feb 2008, p1g wrote:

> A few years ago, an audit was performed on the network I worked on. A
> tool was used to crawl the network and attempt a login to systems using
> the default user name and password.
>
> I have performed this manually by enumerating systems (switches, routers,
> appliances) and testing them against default password lists, but I was
> wondering if there was a tool out there that handled this type of
> automated scan.

After you perform host enumeration with your favorite network scanner
[1], you can use one of the following automated bruteforcers:

http://freeworld.thc.org/thc-hydra/
http://www.foofus.net/jmk/medusa/medusa.html
http://www.hoobie.net/brutus/
http://www.0xdeadbeef.info/code/brutus.pl

In some cases, writing a custom script could be advisable. Also, depending
on the platforms that must undergo testing, some information leaks might
help you to build custom username lists to start with.

[1] Actually, the whole concept of "favorite scanner" is somewhat flawed,
     IMHO. Instead of relying on sympathies, you should really pick up the
     best tool(s) for your current test scope and purposes.

Cheers,

-- 
Marco Ivaldi, OPST
Red Team Coordinator      Data Security Division
@ Mediaservice.net Srl    http://mediaservice.net/