0x0e.org | pentesting perspective

braindump on pentesting, QA, metasploit, constant learning

password hangover

Just saw The Hangover 2 – funny (and true) bit on passwords…

as an international drug dealer transfers money between accounts:

“your password is bologna1?”

“it used to be bologna, but they make you include a stupid number now”

*facepalm*

sadly (… or happily, depending on your perspective :] ), weak passwords are still common… metasploit has some awesome modules to test passwords:

jcran@disko:~/framework/modules$ find . |grep _login | grep -v svn

  • ./auxiliary/scanner/snmp/snmp_login.rb
  • ./auxiliary/scanner/mssql/mssql_login.rb
  • ./auxiliary/scanner/postgres/postgres_login.rb
  • ./auxiliary/scanner/http/wordpress_login_enum.rb
  • ./auxiliary/scanner/http/axis_login.rb
  • ./auxiliary/scanner/http/tomcat_mgr_login.rb
  • ./auxiliary/scanner/http/http_login.rb
  • ./auxiliary/scanner/http/frontpage_login.rb
  • ./auxiliary/scanner/ftp/ftp_login.rb
  • ./auxiliary/scanner/vnc/vnc_login.rb
  • ./auxiliary/scanner/ssh/ssh_login_pubkey.rb
  • ./auxiliary/scanner/ssh/ssh_login.rb
  • ./auxiliary/scanner/telnet/telnet_login.rb
  • ./auxiliary/scanner/sap/sap_mgmt_con_brute_login.rb
  • ./auxiliary/scanner/lotus/lotus_domino_login.rb
  • ./auxiliary/scanner/mysql/mysql_login.rb
  • ./auxiliary/scanner/rservices/rsh_login.rb
  • ./auxiliary/scanner/rservices/rlogin_login.rb
  • ./auxiliary/scanner/rservices/rexec_login.rb
  • ./auxiliary/scanner/smb/smb_login.rb
  • ./auxiliary/scanner/oracle/isqlplus_login.rb
  • ./auxiliary/scanner/oracle/oracle_login.rb
  • ./auxiliary/fuzzers/tds/tds_login_username.rb
  • ./auxiliary/fuzzers/tds/tds_login_corrupt.rb
  • ./auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt.rb
  • ./auxiliary/admin/oracle/oracle_login.rb
  • ./exploits/windows/imap/mailenable_login.rb
  • ./exploits/windows/imap/mercury_login.rb
  • ./exploits/windows/http/hp_power_manager_login.rb
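
The bologna / bologna1 exchange above is why an "include a number" rule on its own buys very little. As an added example (not from the original post and not metasploit code), here is a signup-side check in Ruby that reduces a candidate password to its likely base word and compares that to a blocklist; the blocklist, the substitution map and all function names are constructed for illustration.

```ruby
require 'set'

# Constructed sample blocklist; a real deployment would load a large
# dictionary / breached-password list instead.
BLOCKLIST = Set.new(%w[bologna password letmein welcome dragon]).freeze

# Constructed map of common look-alike substitutions.
LEET = { '0' => 'o', '1' => 'l', '3' => 'e', '4' => 'a', '5' => 's',
         '7' => 't', '@' => 'a', '$' => 's', '!' => 'i' }.freeze

# The rule from the anecdote: "they make you include a stupid number now".
def passes_number_rule?(password)
  password.match?(/\d/)
end

# Reduce a candidate to the base words the user most likely started from.
def base_forms(password)
  # Lowercase and drop anything non-alphabetic stuck on the front.
  lowered = password.downcase.sub(/\A[^a-z]+/, '')
  # Length of the digit/punctuation run tacked onto the end ("1", "2011", "4!").
  tail = lowered[/[^a-z]*\z/].length
  # Try every cut of that tail, with and without undoing substitutions,
  # so both "bologna1" and "b0l0gn4!" reduce to "bologna".
  (0..tail).flat_map do |k|
    cut = lowered[0, lowered.length - k]
    [cut, cut.gsub(/[^a-z]/) { |c| LEET.fetch(c, c) }]
  end.uniq
end

# Returns :ok, :fails_number_rule, or :derived_from_blocklist.
def audit(password, blocklist = BLOCKLIST)
  return :fails_number_rule unless passes_number_rule?(password)
  return :derived_from_blocklist if base_forms(password).any? { |f| blocklist.include?(f) }
  :ok
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs.
  %w[bologna bologna1 P@ssw0rd2011 B0l0gn4! mauve7giraffe-kettle].each do |pw|
    puts format('%-22s number rule: %-5s audit: %s', pw, passes_number_rule?(pw), audit(pw))
  end
end
```

The number rule accepts bologna1; the base-word check is what rejects it.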

Written by jcran

June 10, 2011 at 6:30 PM

2 Responses

  1. password hangover ? O.o

    s3v3n

    September 2, 2012 at 5:34 AM

  2. Reblogged this on My.grind.on.IT and commented:
    Nice movie, even nicer metasploit scripts

    Dirk.L

    September 19, 2012 at 8:21 PM
