Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Bypass grub edit protection password
From: Justin Rogosky <jrogosky () gmail com>
Date: Fri, 10 Feb 2012 09:33:59 -0500

I would attempt to locate the manual online (assuming it is a
commercial product).
Some other avenues might be (after a port scan)
-SNMP
     -guessing strings (password reuse)

-SMTP
     -vulnerabilities
     - VRFY (user name guessing)
     - Alternate route to bruteforce accounts

-SSH - as mentioned above (be careful of account lockout)

Also just from experience the BIOS access keys I have seen are F1, F2,
F12, Esc, and Del

--Justin





On 2/9/12, Carlos Pantelides <carlos_pantelides () yahoo com> wrote:
Have you access to any other account? Is there any network service running?
Being centos 4.1 (2005-Oct-21 says the mirror) if it is unpatched perhaps
you can find a vulnerability and gain more access.


nmap it, is sshd running? try 500 most common passwords. Do you have time?
try a bigger dictionary.

Carlos Pantelides


-----------------


http://seguridad-agile.blogspot.com/

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually
do a proper penetration test. IACRB CPT and CEPT certs require a full
practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]