RE: Brute-forcing Dial-up password after war-dial

From: Hagen, Eric (ehagen_at_DenverNewspaperAgency.com)
Date: 09/19/03

    To: Michelangelo Sidagni <m.sidagni@verizon.net>, pen-test@securityfocus.com
    Date: Fri, 19 Sep 2003 09:15:34 -0600
    
    

    Careful that you have a written contract with the company you're
    war-dialing. Otherwise, it's often a felony in many jurisdictions and even
    if you don't penetrate anything, can land you in some serious hot water.

    Assuming you DO have a contract with the company, there is one called THC
    that would be worth a try. It used to be hosted by a University, but it's
    since been taken off their site IIRC. It has a scripting language that
    will let you script password attacks and I believe can even import a 'words'
    or 'names' file if you choose.

    Eric Hagen

    -----Original Message-----
    From: Michelangelo Sidagni [mailto:m.sidagni@verizon.net]
    Sent: Thursday, September 18, 2003 9:55 AM
    To: pen-test@securityfocus.com
    Subject: Brute-forcing Dial-up password after war-dial

    After a war dial, I obtained a list of phone numbers that responded with a
    carrier (PPP or other). Is there a free tool out there that brute-forces
    Dial-up ID and passwords on the numbers identified by the war dial? I know
    that PhoneSweep does that, but is there a workaround / free program to do
    that?

    Thanks

    Mike


