[2694] in bugtraq

Re: brute force

daemon@ATHENA.MIT.EDU (Tom Fitzgerald)
Thu Jun 6 03:09:10 1996

Date:         Thu, 6 Jun 1996 01:47:28 -0400
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: Tom Fitzgerald <fitz@draco.mv.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To:  <199606041959.PAA26550@phoenix.iss.net> from "Christopher Klaus"
              at Jun 4, 96 03:59:40 pm

> Here are several services we bruteforce attack:
>
> telnetd
> rexecd
> ftpd
> rshd
> pop3
> filesharing
>

I'm surprised you don't list uucpd, that's always been my favorite target
for a password bruteforce (rexecd is easier, but it's disabled on more
platforms than uucpd).

As for the individual who claimed that 99% of sites let you ftp the
/etc/passwd file, yes that's true but the passwd file is much more often a
dummy.  Either the passwords are *'d out (if the target is one of those
checklist-following places) or the encrypted password is bogus (if the
target is sneaky).

--
Tom Fitzgerald    fitz@draco.mv.com
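
An added example, not part of the original post: a small audit, from the defending site's side, of the passwd copy kept under an anonymous-FTP tree. It confirms that every password field is a placeholder rather than an empty field or a DES crypt(3)-shaped string. The sample file, account names and function names are constructed for illustration.

```python
import re

# Traditional DES crypt(3) output: exactly 13 characters from [./0-9A-Za-z].
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")

# Constructed sample of a passwd copy under an anonymous-FTP tree (not real data).
SAMPLE = """\
root:*:0:0:root:/:/bin/sh
ftp:*:99:99:anonymous ftp:/home/ftp:/bin/false
alice:Ab3dEfGh1jK2m:101:10:Alice:/home/alice:/bin/sh
bob::102:10:Bob:/home/bob:/bin/sh
carol:x:103:10:Carol:/home/carol:/bin/sh
dave:NOLOGIN:104:10:Dave:/home/dave:/bin/sh
"""

def classify_field(pw):
    """Classify a passwd password field by shape only."""
    # Some older systems append ",<aging>" to the hash; inspect the part before it.
    pw = pw.split(",", 1)[0]
    if pw == "":
        return "empty"          # account with no password at all
    if DES_CRYPT.match(pw):
        # Shape alone cannot tell a real hash from a deliberately bogus one,
        # so every hash-shaped field is reported for manual review.
        return "hash-shaped"
    return "placeholder"        # "*", "x", "NOLOGIN" and similar

def audit_passwd(text):
    """Return (line number, account, finding) for each entry needing review."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7:
            findings.append((lineno, fields[0], "malformed"))
            continue
        kind = classify_field(fields[1])
        if kind != "placeholder":
            findings.append((lineno, fields[0], kind))
    return findings

if __name__ == "__main__":
    for lineno, account, kind in audit_passwd(SAMPLE):
        print(f"line {lineno}: {account}: {kind}")
```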
