0x0e.org | pentesting perspective

braindump on pentesting, QA, metasploit, constant learning

Archive for June 2011

Pentestify.

leave a comment »

i’m over here¬†now.

Written by jcran

June 22, 2011 at 3:23 AM

Posted in Uncategorized

Tagged with

password hangover

with 2 comments

Just saw the Hangover 2. – funny (and true) bit on passwords…

as an international drug dealer tranfers money between accounts:

“your password is bologna1?”

“it used to be bologna, but they make you include a stupid number now”

*facepalm*

sadly (… or happily, depending on your perspective¬† :] ) , weak passwords are still common…. metasploit has some awesome modules to test passwords:

jcran@disko:~/framework/modules$ find . |grep _login | grep -v svn

  • ./auxiliary/scanner/snmp/snmp_login.rb
  • ./auxiliary/scanner/mssql/mssql_login.rb
  • ./auxiliary/scanner/postgres/postgres_login.rb
  • ./auxiliary/scanner/http/wordpress_login_enum.rb
  • ./auxiliary/scanner/http/axis_login.rb
  • ./auxiliary/scanner/http/tomcat_mgr_login.rb
  • ./auxiliary/scanner/http/http_login.rb
  • ./auxiliary/scanner/http/frontpage_login.rb
  • ./auxiliary/scanner/ftp/ftp_login.rb
  • ./auxiliary/scanner/vnc/vnc_login.rb
  • ./auxiliary/scanner/ssh/ssh_login_pubkey.rb
  • ./auxiliary/scanner/ssh/ssh_login.rb
  • ./auxiliary/scanner/telnet/telnet_login.rb
  • ./auxiliary/scanner/sap/sap_mgmt_con_brute_login.rb
  • ./auxiliary/scanner/lotus/lotus_domino_login.rb
  • ./auxiliary/scanner/mysql/mysql_login.rb
  • ./auxiliary/scanner/rservices/rsh_login.rb
  • ./auxiliary/scanner/rservices/rlogin_login.rb
  • ./auxiliary/scanner/rservices/rexec_login.rb
  • ./auxiliary/scanner/smb/smb_login.rb
  • ./auxiliary/scanner/oracle/isqlplus_login.rb
  • ./auxiliary/scanner/oracle/oracle_login.rb
  • ./auxiliary/fuzzers/tds/tds_login_username.rb
  • ./auxiliary/fuzzers/tds/tds_login_corrupt.rb
  • ./auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt.rb
  • ./auxiliary/admin/oracle/oracle_login.rb
  • ./exploits/windows/imap/mailenable_login.rb
  • ./exploits/windows/imap/mercury_login.rb
  • ./exploits/windows/http/hp_power_manager_login.rb

Written by jcran

June 10, 2011 at 6:30 PM

Posted in Uncategorized