Results 1 to 7 of 7

Thread: Penetration Testing: User, Password and Domain for ISA Server

  1. #1
    md52007
    Guest

    Question Penetration Testing: User, Password and Domain for ISA Server

    hi guys i have ISA server and i want to do pen test on it whats the tools i need i try asleap program but it doesnt recover any user name or password is it die from 2004 or it work till now to recover user name and password from VBN or ISA server i try ettercap but i not work well can any one give me any advise or hint

  2. #2
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    Default

    Im not sure what protocol that would be but I'm sure hydra would do the trick to guess the password.

  3. #3
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    I don't mean to come across as rude, I'm sure English isn't your first language but can we get some capital letters and punctuation in there? I can't even figure out what you're trying to ask.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  4. #4
    Very good friend of the forum drgr33n's Avatar
    Join Date
    Jan 2010
    Location
    Dark side of the moon ...
    Posts
    699

    Default

    Hey md52007

    There are many tools you can use to recover passwords. I mean you could try bruteforce methods like hydra to break passwords. Or you could use an exploit to gain access to the box and then steel passwords.

    Thats what you are doing in a pentest., you are trying to smash your security.

  5. #5
    md52007
    Guest

    Default

    i think brute force not very well because it depend on luck only but can one use asleap program is it work till now or it die

  6. #6
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    I still have no idea what you're trying to ask so I'll guess "it die" <shrug>
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  7. #7
    Very good friend of the forum drgr33n's Avatar
    Join Date
    Jan 2010
    Location
    Dark side of the moon ...
    Posts
    699

    Default

    sorry md52007 You have lost me know lol You want to use asleep to see if ou can penertate your ISA server???

    asleep is a bruteforce password guesser!

    To use asleap first you have to generate the necessary database (.dat) and index files (.idx) from your wordlist. To do this we use Genkeys....

    Code:
    cd /pentest/wireless/asleap-1.4
    genkeys  -r  /path/to/wordlist.txt  -f  dict.dat  -n  dict.idx
    Now we are ready to begin

    Code:
    asleap  -r  /path/to/savedpackets -f  dict.dat  -n  dict.idx
    And you are done

    Quote Originally Posted by thorin
    I still have no idea what you're trying to ask so I'll guess "it die"
    hahahaha I think he's trying to say that asleap is outdated and has been since 2004

    Oh yea and what exactly have you been doing with ettercap???

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •