On Thu, 17 May 2001, The Picard wrote:
> Does anyone know where word lists containing commands can be found? Let me
> explain: during a pen-test I found a network device that has a telnet
> server. However, the prompt doesn't tell what it is/does nor does it appear
> to be an IOS-style box. More likely an embedded device. The password was
> trivial, however, there is little I can do with it because most commands I
> typed give an error back. I wrote a perl script that takes commands from a
> file and fed them one by one to the device through telnet, saving those that
> do not lead to an error to a separate file for later examination. Currently
> (the brute-force is still going on) I'm using 15M wordlist initially
> designed for password cracking.
fwiw, I've done a similar thing with a smaller dictionary: /usr/dict/words,
words from Phrack issues, and the telecom digest archives
( http://massis.lcs.mit.edu/telecom-archives/archives/glossaries/ ). I also
added a list of single non-word characters (!, @, #, etc) and every
combination of A-Z up from 1 to 4 bytes in length. Took a while
(this was over 2400 baud dialup), but it was fruitful.
James
Received on May 18 2001
Intro
