Hi, The idea is not to brute force, but rather centralized standard used passwords, such as Guest/Guest, Administrator/, etc... rather than looking for them inside plugins. The accounts.txt should not include more than 20-40pairs. Thanks Noam Rathaus http://www.SecuriTeam.com http://www.BeyondSecurity.com Know that you're safe (against Code Red and other vulnerabilities): http://www.AutomatedScanning.com/ ----- Original Message ----- From: "Renaud Deraison" <deraisonat_private> To: <plugins-writersat_private> Sent: Thursday, September 06, 2001 15:57 Subject: Re: cisco password (analysis) > On Tue, Sep 04, 2001 at 11:09:14PM -0000, Noam Rathaus wrote: > > Hi, > > > > Will this API be ready for Nessus 1.1? > > This can be done. However, I'm not really convinced about the need for > brute force attacks plugins, except while doing a pen-test. > > Most of the time, you'd better off logguing in the system, extract the > password base, and bruteforce the passwords locally. > > But if people see an interest in doing that over the network, well, I > guess I'll implement get_next_username() and get_next_password() (or > whatever I'll call them) > > -- Renaud > > >
This archive was generated by hypermail 2b30 : Thu Sep 06 2001 - 14:04:53 PDT