From: Arturo 'B. B. <bu...@bu...> - 2009-08-31 14:25:08
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Arthur Dent wrote: > OK - I don't particularly want to tinker with my production machine, so > I have set up a vmware virtual machine. That's perfect. > One thought I had was this: I can SSH into into the VM from the host > machine. If I don't whitelist my local network in F2B I could try > deliberately false ssh logins from the host. Would that work? Absolutely :) - In any case, you always have vmware console access to the guest. :) > To that end I am trying to write a simple bash script simulating a > brute-force attack. No need. Just ssh to the host, and use incorrect passwords as many times as your jail.conf indicates for ssh (usually 3 or 6...). > I can't quite get this script to work (I am not a very good cracker I'm > afraid). Can anyone help me with this? Or can anyone suggest a better > testing strategy? Nmap's ncrack, THC's Hydra, and many other service bruteforcers. But, really, just use ssh... > I also have VMs for Ubuntu and Mint (but Mint is basically a Ubuntu > spin-off). I know nothing about CentOS and have never used it - but I > have a CentOS 5.2 disk from a magazine cover and could, I guess, create > a VM and install that if it helps? CentOS would be great. Ubuntu already tested. - -- Arturo "Buanzo" Busleiman / Arturo Busleiman @ 4:900/107 Independent Linux and Security Consultant - SANS - OISSG - OWASP http://www.buanzo.com.ar/pro/eng.html Mailing List Archives at http://archiver.mailfighter.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEAREKAAYFAkqbzmQACgkQAlpOsGhXcE1CBwCdGxZUd3p6lfeQ4HkLCOiBl/tn /1cAn3O1UHC+Mf9qfYNf9qdoGzHZNhWi =QD1a -----END PGP SIGNATURE----- |