Re: French - Dictionnary attack

From: s0u1d13r s0u1d13r (s0u1d13r_at_gmail.com)
Date: 08/10/05

  • Next message: cbc: "Re: Application Assessment" 
    Date: Wed, 10 Aug 2005 05:43:57 -0700
To: "securityfocus@benmansour.net" <securityfocus@benmansour.net>

    there are a few:

    john the ripper
    rainbow crack
    hydra

    And hydra and john the ripper can plugin to Nessus as well.

    S

    On 9 Aug 2005 15:38:44 -0000, securityfocus@benmansour.net
    <securityfocus@benmansour.net> wrote:
    > Hi pen-testers,
    >
    > I need to perform some basic password guessing tests on a France based online application.
    >
    > I am contemplating using Brutus (http://www.hoobie.net/brutus/) for the testing.
    >
    > Could you please recommend similar tools that could perform:
    > - brute force attacks
    > - dictionnary attacks
    > on a web based FORM ?
    >
    > Selection criterias might include tolerance to timeout, as well as speed, ability to interrupt/resume a test.
    >
    > I am also looking for French specific dictionnaries that could help for this type of testing.
    >
    > Thanks in advance.
    >
    > Regards,
    >
    > sbm
    >
    > ------------------------------------------------------------------------------
    > FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't
    >
    > Learn the hacker's secrets that compromise wireless LANs. Secure your
    > WLAN by understanding these threats, available hacking tools and proven
    > countermeasures. Defend your WLAN against man-in-the-Middle attacks and
    > session hijacking, denial-of-service, rogue access points, identity
    > thefts and MAC spoofing. Request your complimentary white paper at:
    >
    > http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
    > -------------------------------------------------------------------------------
    >
    >

    ------------------------------------------------------------------------------
    FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

    Learn the hacker's secrets that compromise wireless LANs. Secure your
    WLAN by understanding these threats, available hacking tools and proven
    countermeasures. Defend your WLAN against man-in-the-Middle attacks and
    session hijacking, denial-of-service, rogue access points, identity
    thefts and MAC spoofing. Request your complimentary white paper at:

    http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
    -------------------------------------------------------------------------------

  • Next message: cbc: "Re: Application Assessment"

    Relevant Pages

    • Re: Security - John the Ripper
      ... OpenVMS tries not to keep the original clear-text password around. ... the John The Ripper tool, ... You can't generally use a dictionary attack directly against OpenVMS ...
      (comp.os.vms)
    • Re: AD password Auditing
      ... The Ripper? ... I used pwdump2 to dump the password hash and used John ... Defend your WLAN against ...
      (Pen-Test)
    • John the Ripper 1.7; pam_passwdqc 1.0+; tcb 1.0; phpass 0.0
      ... After 7+ years of development snapshots only (yes, I know, that was ... John the Ripper 1.7 release is out: ... John the Ripper became a lot faster, primarily at DES-based hashes. ...
      (Bugtraq)
    • Re: unix passwords
      ... Most systems that store the password in ... based hash which John the Ripper attacks. ...
      (comp.security.unix)
    • RE: [Full-Disclosure] John the Ripper MS-SQL patch
      ... I haven't seen a patch that makes John capable of this, ... You can look at ForceSQL v2.0 and Hydra. ... > Calum Power ...
      (Full-Disclosure)
    • Quantcast