Datdamwuf of wolf wrote:

Another issue, I am looking at prefs, if I elect to brute force Telnet, FTP, etc. - where are the files that Nessus uses for this purpose? I need to configure them too...eyes burning out of head, simply not seeing them, doh!

If you are talking about the Hydra plugin (brute force various authentication mechanisms) you need to set up these files yourself. There are no user/password files at the moment provided by Nessus. However, it can be pretty easy to set up a list for default (system) users in UNIX systems (see below, comments welcome). As for passwords, either use the same file (to look for username=password combinations) or make your own dictionary.

IIRC the Openwall project provides a nice file with a common password list in John the Ripper (http://www.openwall.com/john/). More dictionaries/wordlists are available at:

ftp://ftp.cerias.purdue.edu/pub/dict
ftp://ftp.ox.ac.uk/pub/wordlists


Regards

Javi




------------------------------------------------- List for default system users ---------------------------------------------------------
adm
backup
bin
bind
daemon
ftp
games
gnats
identd
irc
list
listen
lp
mail
majordom
man
msql
mysql
named
news
noaccess
nobody
nobody4
nuucp
opc_op
operator
oracle
postgres
proxy
root
snort
ssh
sshd
sync
sys
system
uucp
www-data
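
Added example, not part of the original message or of Nessus: a defender's complement to the list above, a Python check that reports which of the listed default accounts on a host could actually be reached by password guessing (usable shell, password not locked). The passwd/shadow sample lines are constructed, and the function names and the set of no-login shells are assumptions.

```python
# Added example: which default system accounts on a host accept password logins?
# The passwd/shadow lines below are constructed sample data, not from a real system.
DEFAULT_USERS = set("""
adm backup bin bind daemon ftp games gnats identd irc list listen lp mail
majordom man msql mysql named news noaccess nobody nobody4 nuucp opc_op
operator oracle postgres proxy root snort ssh sshd sync sys system uucp www-data
""".split())

# Assumption: shells that refuse interactive logins on common Linux systems.
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false", "/usr/bin/false"}

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
games:x:5:60:games:/usr/games:/bin/sh
ftp:x:106:113::/srv/ftp:/bin/bash
postgres:x:107:114::/var/lib/postgresql:/bin/bash
oracle:x:1001:1001::/home/oracle:
alice:x:1000:1000::/home/alice:/bin/bash
"""

SAMPLE_SHADOW = """\
root:$6$constructed$hash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
games:*:19000:0:99999:7:::
ftp::19000:0:99999:7:::
postgres:!:19000:0:99999:7:::
oracle:$6$constructed$hash:19000:0:99999:7:::
alice:$6$constructed$hash:19000:0:99999:7:::
"""

def _records(text):
    """Yield colon-split fields for each non-empty, non-comment line."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line.split(":")

def loginable_defaults(passwd_text, shadow_text, defaults=DEFAULT_USERS):
    """Return sorted (user, shell, state) for default accounts exposed to password guessing."""
    shadow = {f[0]: f[1] for f in _records(shadow_text) if len(f) >= 2}
    findings = []
    for f in _records(passwd_text):
        if len(f) < 7 or f[0] not in defaults:
            continue
        user, pw, shell = f[0], f[1], f[6] or "/bin/sh"  # empty shell field means /bin/sh
        if shell in NOLOGIN_SHELLS:
            continue
        if pw == "x":  # real hash lives in shadow; a missing entry is treated as locked
            pw = shadow.get(user, "*")
        if pw.startswith(("!", "*")):  # locked account or no valid hash
            continue
        findings.append((user, shell, "empty" if pw == "" else "set"))
    return sorted(findings)
```

Accounts reported with an empty password, or service accounts that have no reason to log in interactively, are the ones to lock or give a no-login shell before a scanner finds them.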



