RE: BruteForcing?
- From: "Hagen, Eric" <hagene@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 16 Oct 2006 15:06:19 -0600
Anyone feel free to correct me if I'm wrong, but I don't believe a dictionary attack against modern IOS is practical because of the disconnect/timeout security features of the routers/switches. Try defaults, maybe a few dozen 'obvious' passwords ("root", "enable", "admin", etc.) and move on to other vulnerabilities.
Eric
-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx]On Behalf Of 09sparky@xxxxxxxxx
Sent: Sunday, October 15, 2006 12:03 PM
To: pen-test@xxxxxxxxxxxxxxxxx
Subject: BruteForcing?
This is more of a general brute forcing question, but one with which I could use some assistance.
I am attempting to brute force some telnet sessions (Cisco Routers - CISCO IOS 12.2 and IOS 12.3(8), Cisco 1721 router). When telnet'ing in, it only prompts me for a PW (Not a username). It has a 3 attempts disconnect, so I get disconnected and have to reconnect.
My question is:
How and what tool should I use to try and brute force (dictionary attack) this session?
I have tried Hydra, but when I get disconnected (after 3 attempts), it tells me it is "finished". Not sure if there is a way to make it reconnect. Is there a better tool or other techniques that would work better?
Second question: Brute forcing also, but against web pages. For example, a Cisco 3000 VPN Concentrator, I have the webpage asking for username/password. How would I attempt to dictionary attack this?
Thanks,
Sparky
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------