OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
RE: Brute-forcing Dial-up password after war-dial

From: Yanisto (yanistonuxed.org)
Date: Sat Sep 27 2003 - 09:34:42 CDT


Indeed, it obviously depends on the OS you're operating from but if it's
a UNIX-like, i'd suggest you to get that great tool, from THC :
http://www.thc.org/download.php?t=r&d=login_hacker-1.1.tar.gz
It's a shellscript using minicom, and, as a shellcript, remains highly
configurable...

Enjoy.

Yanisto.

Le ven 19/09/2003 à 17:15, Hagen, Eric a écrit :
> Careful that you have a written contract with the company you're
> war-dialing. Otherwise, it's often a felony in many jurisdicitions and even
> if you don't penetrate anything, can land you in some serious hot water.
>
> Assuming you DO have a contract with the company, there is one called THC
> that would be worth a try. It used to be hosted by a University, but it's
> since been taken off their site IIRC. It has a scripting language that
> will let you script password attacks and I believe can even import a 'words'
> or 'names' file if you choose.
>
> Eric Hagen
>
> -----Original Message-----
> From: Michelangelo Sidagni [mailto:m.sidagniverizon.net]
> Sent: Thursday, September 18, 2003 9:55 AM
> To: pen-testsecurityfocus.com
> Subject: Brute-forcing Dial-up password after war-dial
>
>
>
>
> After a war dial, I obtained a list of phone numbers that responded with a
> carrier (PPP or other). Is there a free tool out there that bruteforce
> Dial-up ID and passwords on the numbers identified by the war dial? I know
> that PhoneSweep does that, but is there a workaround / free program to do
> that?
>
> Mike
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQA/daAA+vuVabZft2wRAo3iAJ0VzZZd8SCsdVynsjVZXNY0Vrv9hwCfTKRV
5Xt0cWz+1GGqgHO5J1+rJ50=
=EDyI
-----END PGP SIGNATURE-----