16.1.40
The -u kermit tells TSGrinder to use the username Kermit (as identified
from previous labs on this target).
The -w dict tells TSGrinder to use the dictionary file named dict.
172.16.1.40 is of course the target IP address.
Brute Force 355
A remote connection screen will appear in sets of five attempts. The
username of Kermit will automatically be placed into the User name field and
each password, one at a time from the dictionary file, will automatically be
placed into the Password field.
As each set of five attempts is made, an update to the screen will be displayed.
356 Practical Hacking Techniques and Countermeasures
If the correct password for the username is in the dictionary file, a terminal
session will be established momentarily to the target. Either click the OK
button or simply wait a few seconds and the screen will close automatically.
If the correct password was located, the password will be given. In this
example, the password is 123. Now the attacker can log in "at will" to the
server via a Terminal Server session as that user.
*Note: TSGrinder is one of my favorite tools because of its uniqueness and because,
by default, the Administrator account cannot be locked out with this method. Keep in
mind that each attempt will be logged in the event log; once access is granted, the
attacker will simply delete the logs and more than likely turn logging off altogether.
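Because every attempt is written to the event log and lockout does not protect the Administrator account by default, the log sequence is what exposes this activity. The following added example (not from the book) flags a burst of failed logons for one account from one source, a successful logon that follows the burst, and a log clear by that account afterwards; the event IDs (4625, 4624, 1102), the record layout, the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed Windows Security event IDs: failed logon, successful logon, audit log cleared.
FAILED, SUCCESS, LOG_CLEARED = 4625, 4624, 1102

def ts(clock):
    return datetime.strptime(clock, "%H:%M:%S")

# Constructed sample records (time, event ID, account, source IP); not from a real host.
SAMPLE = (
    [(ts(f"10:00:{i:02d}"), FAILED, "kermit", "192.0.2.10") for i in range(0, 50, 5)]
    + [(ts("10:01:00"), SUCCESS, "kermit", "192.0.2.10"),
       (ts("10:03:00"), LOG_CLEARED, "kermit", None),
       (ts("10:05:00"), FAILED, "piggy", "192.0.2.20"),   # one typo, then a normal logon
       (ts("10:05:20"), SUCCESS, "piggy", "192.0.2.20")]
)

def detect(events, threshold=5, window=timedelta(minutes=10)):
    """Return (alert, account, source) tuples in the order they fire."""
    failures = defaultdict(deque)   # (account, source) -> recent failure times
    compromised = set()             # accounts that logged on right after a failure burst
    alerts = []
    for when, event_id, account, source in sorted(events, key=lambda e: e[0]):
        recent = failures[(account, source)]
        while recent and when - recent[0] > window:
            recent.popleft()        # drop failures older than the window
        if event_id == FAILED:
            recent.append(when)
            if len(recent) == threshold:
                alerts.append(("password-guessing", account, source))
        elif event_id == SUCCESS:
            if len(recent) >= threshold:
                alerts.append(("logon-after-guessing", account, source))
                compromised.add(account)
            recent.clear()
        elif event_id == LOG_CLEARED and account in compromised:
            alerts.append(("log-cleared-after-guessing", account, source))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

Forwarding events to a separate collector as they are written keeps this sequence available even if the local log is cleared.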
Chapter 8
Vulnerability Scanning
Lab 60: Vulnerability Scanner
Perform Vulnerability Assessment: SAINT
Prerequisites: None
Countermeasures: Secure access control lists (ACLs), Bastion servers/workstations
Description: SAINT (Security Administrator's Integrated Network Tool) is
a security assessment tool based on SATAN.