Thanks Rick! This is great information .. It's getting added to my obnoxiously large dictionary file.
On a related note, I noticed the "Brute force SMB" option under the Hydra section in the Prefs. tab. If anyone has used this successfully, could you share your thoughts? I'm assuming this works against WinNT/2k/XP machines running Microsoft file and printer services? I'm definitely in need of a method to dictionary/brute force MS file and print services on any MS machines with ports 139 and 445 open. For clarification on the Hydra section .. When I select a logins file and a passwords file, and then select "Brute force SMB" (or any of the other options) does Nessus effectively run the username and dictionary files first and then begin a brute force, or is "brute force" being used here to mean a "dictionary" attack?? Thanks for the advice, Mark -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Hoekman Sent: Friday, September 05, 2003 6:14 PM To: [EMAIL PROTECTED] Subject: Re: Hydra features in Nessus .. Hello Mark, These guys are into hacking routers.. There's a default password list of routers/switches and so on and some interesting tools.. http://www.phenoelit.de/fr/misc.html Have fun ;) Rick Friday, September 5, 2003, 11:57:55 PM, you wrote: MGS> I've never used the Hydra features in Nessus before, but now think MGS> I have a good reason to .. I would like to guess from dictionary MGS> and then brute force the username/passwords of my routers running MGS> HTTP services to determine how difficult they are to crack. MGS> Any suggestions on whether the Hydra features in Nessus would be MGS> appropriate here? I should probably kick off the same testing for MGS> Telnet as well, since some of the routers listen both on HTTP and MGS> Telnet. I've never run remote password cracking before, usually MGS> I'm using John the Ripper, crack32, or other apps in a local MGS> setting. MGS> I have a large dictionary file (>70meg) that I built using stuff I MGS> found while Googling. If anyone has advice on dictionary files MGS> most appropriate for routers (default accounts, etc.) that would be MGS> helpful. MGS> Thanks for the help, MGS> Mark
