NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Pen-test> 2008-02

Re: PPP authentication brute-force attack?

From: Nikhil Wagholikar (visitnikhilgmail.com)
Date: Tue Feb 12 2008 - 07:18:45 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello Matheus,

Sandstrom Enterprise's PhoneSweep is a tool for performing Brute force
attack against a PPP authentication server.

More Information: http://www.sandstorm.net/products/phonesweep/
PhoneSweep FAQ: http://www.sandstorm.net/products/phonesweep/generalfaq.php

---
NIKHIL WAGHOLIKAR
Information Security Analyst
NII Consulting
Web: http://www.niiconsulting.com/
Security Products: http://www.niiconsulting.com/products.html

On 2/11/08, Matheus Michels <matheusf_michelshotmail.com> wrote:
>
> Does anybody know a tool to perform brute force or dictionary attacks against a PPP (PAP and/or CHAP) authentication server? Yes, I'm very familiar with Hydra, but neither it nor Medusa have support for PPP.
>
> I know that such a tool would actually call pppd to perform the attack. So, I even tried to write a shell script to read passwords from a file and call pppd for each one, but as I'm a very bad programmer I could not make nothing useful :(
>
> In my case, I'm trying to audit an PPPoE PAP server.
>
> _________________________________________________________________
> Connect and share in new ways with Windows Live.
> http://www.windowslive.com/share.html?ocid=TXT_TAGHM_Wave2_sharelife_012008
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>
>

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]