RE: Brute-forcing Dial-up password after war-dial

From: Yanisto (yanisto_at_nuxed.org)
Date: 09/27/03

  • Next message: Frank PoWell: "Re: Has anyone found the WFS-1" 
    To: pen-test@securityfocus.com
Date: Sat, 27 Sep 2003 16:34:42 +0200

    Indeed, it obviously depends on the OS you're operating from but if it's
    a UNIX-like, i'd suggest you to get that great tool, from THC :
    http://www.thc.org/download.php?t=r&d=login_hacker-1.1.tar.gz
    It's a shellscript using minicom, and, as a shellcript, remains highly
    configurable...

    Enjoy.

    Yanisto.

    Le ven 19/09/2003 à 17:15, Hagen, Eric a écrit :
    > Careful that you have a written contract with the company you're
    > war-dialing. Otherwise, it's often a felony in many jurisdicitions and even
    > if you don't penetrate anything, can land you in some serious hot water.
    >
    > Assuming you DO have a contract with the company, there is one called THC
    > that would be worth a try. It used to be hosted by a University, but it's
    > since been taken off their site IIRC. It has a scripting language that
    > will let you script password attacks and I believe can even import a 'words'
    > or 'names' file if you choose.
    >
    > Eric Hagen
    >
    > -----Original Message-----
    > From: Michelangelo Sidagni [mailto:m.sidagni@verizon.net]
    > Sent: Thursday, September 18, 2003 9:55 AM
    > To: pen-test@securityfocus.com
    > Subject: Brute-forcing Dial-up password after war-dial
    >
    >
    >
    >
    > After a war dial, I obtained a list of phone numbers that responded with a
    > carrier (PPP or other). Is there a free tool out there that bruteforce
    > Dial-up ID and passwords on the numbers identified by the war dial? I know
    > that PhoneSweep does that, but is there a workaround / free program to do
    > that?
    >
    > Mike
    >

  • Next message: Frank PoWell: "Re: Has anyone found the WFS-1"