Re: Pentesting Openmail Web login

To:	s-williams@nyc.rr.com
Subject:	Re: Pentesting Openmail Web login
From:	"Rodrigo Montoro (Sp0oKeR)" <spooker@gmail.com>
Date:	Fri, 25 May 2007 17:26:41 -0300
Cc:	listbounce@securityfocus.com, "pen-test@securityfocus.com" <pen-test@securityfocus.com>
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	pentest-list2@consult.net
Delivered-to:	mailing list pen-test@securityfocus.com
Delivered-to:	moderator for pen-test@securityfocus.com
Dkim-signature:	a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=lVcGDAmR+cSHhEGjrRfQi+DIf47wN5tbJKed/cVfR+zD3FBrfwpxC/Fskl5uT4KWnpHpycHZGI9CVNIuH0V6/6fnXngDRBvKPeH47lX8Ub+//POAuRnyVo7iAzN6Vh+xBWmFSpEjC3cvmy9I0PY/Spe9O6BRC4ejI/ui5IAHuys=
Domainkey-signature:	a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=OyO51lOlN7nZaeDix/a9WfvL9IrtvNOckjm7kaUwGMA7zei0ZJRaN6DtuudJiJm6kYtz8T9kYROgnvknCgjvUZMoJmYIIsNSjk9mZvbeaucxUygeHJKl/cbMFGSNFkImf11HCLNJaE8rebOQBWFEwC1ew0TYaY8MeNKuO1c/J/M=
In-reply-to:	<1028739553-1179935945-cardhu_blackberry.rim.net-1301772184-@bxe056-cell01.bisx.prod.on.blackberry>
List-help:	<mailto:pen-test-help@securityfocus.com>
List-id:	<pen-test.list-id.securityfocus.com>
List-post:	<mailto:pen-test@securityfocus.com>
List-subscribe:	<mailto:pen-test-subscribe@securityfocus.com>
List-unsubscribe:	<mailto:pen-test-unsubscribe@securityfocus.com>
Mailing-list:	contact pen-test-help@securityfocus.com; run by ezmlm
References:	<1028739553-1179935945-cardhu_blackberry.rim.net-1301772184-@bxe056-cell01.bisx.prod.on.blackberry>
Resent-date:	Fri, 25 May 2007 13:49:25 -0600 (MDT)
Resent-from:	pen-test-return-1078484258@securityfocus.com
Resent-message-id:	<20070525194925.4E29C14657F@outgoing2.securityfocus.com>
Resent-sender:	listbounce@securityfocus.com
Sender:	listbounce@securityfocus.com

Webfuzz it's nice to bruteforce it =)


Wfuzz is a tool designed for bruteforcing Web Applications, it can be
used for finding resources not linked (directories, servlets, scripts,
etc), bruteforce GET and POST parameters for checking different kind
of injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters
(User/Password), Fuzzing,etc.

http://www.edge-security.com/wfuzz.php

Regards,


On 5/23/07, s-williams@nyc.rr.com <s-williams@nyc.rr.com> wrote:

I am task with testing user accounts on our mail system. We currently have two 
systems Exchange, and OpenMail for Linux which is on the DMZ. We are interested 
in finding out how easy it might be for someone to guess the password of one or 
our users account.

And if the are sucessful what can the do on the linux box, with that username 
and password.

We have a main site with a link to the webmail system from there, ifi want to 
test this which tool might be the best for doing this since its a link and not 
the main page?

Thanks in advance
"A wise man ask questions, a fool is afraid of knowledge"

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------



--
"If you are not part of solution,
you are part of the problem."

=========================
    Rodrigo Ribeiro Montoro
BRConnection  Security  Team
      spooker@brc.com.br
           RHCE/LPIC-I
=========================

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

<Prev in Thread]	Current Thread	[Next in Thread>
Pentesting Openmail Web login, s-williams Re: Pentesting Openmail Web login, Rodrigo Montoro (Sp0oKeR) <= Re: Pentesting Openmail Web login, s-williams Re: Pentesting Openmail Web login, Brent Wolfram Re: Pentesting Openmail Web login, Tremaine Lea Re: Pentesting Openmail Web login, sherwyn . williams RE: Pentesting Openmail Web login, Clemens, Dan RE: Pentesting Openmail Web login, Marco Ivaldi Re: Pentesting Openmail Web login, Bojan Zdrnja Re: Pentesting Openmail Web login, pagvac Re: Pentesting Openmail Web login, rajat swarup

Previous by Date:	RE: Pentesting Openmail Web login, Marco Ivaldi
Next by Date:	RE: Consulting License Offer, Levenglick, Jeff
Previous by Thread:	Pentesting Openmail Web login, s-williams
Next by Thread:	Re: Pentesting Openmail Web login, s-williams
Indexes:	[Date] [Thread] [Top] [All Lists]