| To: | "Saehrig, Steven" <ssaehrig@jeffersonradiology.com> |
|---|---|
| Subject: | Re: Pen-test Freesshd 1.10 |
| From: | "Jamie Riden" <jamesr@europe.com> |
| Date: | Sat, 23 Dec 2006 07:54:18 +1300 |
| Cc: | pen-test@securityfocus.com |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | pentest-list2@consult.net |
| Delivered-to: | mailing list pen-test@securityfocus.com |
| Delivered-to: | moderator for pen-test@securityfocus.com |
| Domainkey-signature: | a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=L7uDd4c1jFhI5KNq+4AjL/CVbLIGh9cCa058jnet1grodh/pLLysqUgAKWOXr8Si9qiekxSKIy3jOqdVhcO3IlOVmDk+vaQ54z9dZm7H8F0a8kHwTV3oHKgTfdw3NWmIgWxXT6ahnSaKJMH/aPlx0JjthK6gBd3MA/4fzJ8lcfs= |
| In-reply-to: | <94DCA36D5F0CBB4BB28CB953D97EFE900112C811@jxr-01-ex01.JXR.local> |
| List-help: | <mailto:pen-test-help@securityfocus.com> |
| List-id: | <pen-test.list-id.securityfocus.com> |
| List-post: | <mailto:pen-test@securityfocus.com> |
| List-subscribe: | <mailto:pen-test-subscribe@securityfocus.com> |
| List-unsubscribe: | <mailto:pen-test-unsubscribe@securityfocus.com> |
| Mailing-list: | contact pen-test-help@securityfocus.com; run by ezmlm |
| References: | <94DCA36D5F0CBB4BB28CB953D97EFE900112C811@jxr-01-ex01.JXR.local> |
| Resent-date: | Fri, 22 Dec 2006 11:01:01 -0700 (MST) |
| Resent-from: | pen-test-return-1078483319@securityfocus.com |
| Resent-message-id: | <20061222180101.84CCE237D06@outgoing3.securityfocus.com> |
| Resent-sender: | listbounce@securityfocus.com |
| Sender: | listbounce@securityfocus.com |
| Sender: | jamie.riden@gmail.com |
On 22/12/06, Saehrig, Steven <ssaehrig@jeffersonradiology.com> wrote: Hello all, This is the first time sending to the list I would like to know some way to pen-test a sftp server I have setup on our network. I have tried nmap for open ports and I have tried metasploit for buffer overflows that I found on Google. Are there any programs or tricks I should know to try and break into this. I am basically proving the security of the application for production use. Thank you for any advise you can give me. The last couple of SSH compromises I've seen were all through the use of insecure passwords - e.g. upload/upload. Have you tried a dictionary attack against the more common user names? cheers, Jamie -- Jamie Riden, CISSP / jamesr@europe.com / jamie.riden@gmail.com NZ Honeynet project - http://www.nz-honeynet.org/ |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: Banner Grabbing, sami ghourabi |
|---|---|
| Next by Date: | Re: Port 1443, Jamie Riden |
| Previous by Thread: | RE: Pen-test Freesshd 1.10, Clemens, Dan |
| Indexes: | [Date] [Thread] [Top] [All Lists] |