[Plug-security] Dictionary Lists
Lisa Kachold
lisakachold at obnosis.com
Wed Dec 5 19:49:15 MST 2012
After my October 2012 Brutessh.py PLUG Security List post followed with a
simple hackfest presentation and example, I was contacted by various people
(David Demland included) wanting clarification regarding which dictionary
list is used with which script.
This brings up the whole subject of dictionary list syntax required for use
with various tools. For most tools the username is either comma delimited
or return character delimited and is followed by a password. In Backtrack
5r3 use the locate command for "dict, password, lists".
While we get fairly deeply immersed this year in lab based production
pentesting of a number of "exploitable" virtualhosts, I will provide
cheatsheets which can be used to get around the various "broken by design"
or "purposely obfuscated" functions and features of Backtrack 5r3 and
especially Metasploit.
Since I gave a very breif introduction of Armitage as a "quick view tool"
for "at a glance" Metasploit nmap fingerprinting and exploit testing in
September, and again during team festing against targets built up by Scott
Becerra, I wanted to provide a head start for those who recognize the
advantages inherent in modular plugin frameworks
The complete Armitage CheatSheet will be available from the HackFest Vault
at http://it-clowns.com/index.php?/file-vault from from file archives on
IT-Clowns.com, that provides a recipe for Faultless
(503) 754-4452 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
**
it-clowns.com
Chief Clown
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-security/attachments/20121205/30394c24/attachment.html>
More information about the Plug-security
mailing list