Errr - sledgehammer & walnut anyone? What's the point in implementing networking just to do a bruteforce crack on a *serial* connection? Has the world gone mad? Is it *really* that hard to write a bruteforcer in C or script language? I'm not having a go, it just strikes me as a bit of overkill, considering you *used* to be able to get a bruteforcer for the KX-TD 1232 at pbxsoftware.com (incidentally I may have the archive somewhere so mail me if you urgently require it) and you could write a cracker in Telix script in under 20 lines. The KX-TD allows infinite password attempts from what I recall and I also seem to remember it's either a 5 or 7 digit password (default 12345..) My home-rolled script can crack one in under an hour over dialup at which point you just roll on in with Programmator. Nice to see a PBX saying "Welcome" at login :) KP On Mon, May 13, 2002 at 10:55:55PM +0100, Lists wrote: > If you could somehow get it attached to the network (e.g. use nc to connect > the serial port to a listening "socket") you could then try something like > brutus (http://www.hoobie.net/brutus/) and a word list, i think LC3 > (http://www.atstake.com) had a nice one. I had to do something similar once, > and i used a linux console server program to allow me to "telnet" to the > serial port, you might even be able to fudge something together with a copy > of minicom if you have a linux box to hand - then just point brutus at it. > > > ----- Original Message ----- > From: <CMichalat_private> > To: <pen-testat_private> > Sent: Monday, May 13, 2002 7:24 PM > Subject: Serial Connection Password Cracker. > > > > I'm looking for a program that can do a dictionary based attack on a > > device that is connected to a laptop via com port, serial port. > > Its a piece of hardware that has no lockout after successive bad > > passwords and there is no delay between try's. > > If there isn't a cracking program out there with this capability I guess > > I will have to write some software that will do it. > > > > Its a Panasonic KX-TVS75 phone system to be exact, I have the piece of > > hardware in my possession but I forgot the console password. > > > > -C > > > > > > -------------------------------------------------------------------------- > -- > > This list is provided by the SecurityFocus Security Intelligence Alert > (SIA) > > Service. For more information on SecurityFocus' SIA service which > > automatically alerts you to the latest security vulnerabilities please > see: > > https://alerts.securityfocus.com/ > > > > > > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus Security Intelligence Alert (SIA) > Service. For more information on SecurityFocus' SIA service which > automatically alerts you to the latest security vulnerabilities please see: > https://alerts.securityfocus.com/ > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Thu May 16 2002 - 10:49:52 PDT