User manual

137

Appendix F. Sample

brutecreate.exe

Output File.

For input, brutecreate.exe uses the following two files:

• unametest.txt, with contents:*

root

guest

usera

admin

userb

• pwdstest.txt, with contents:*

password

secret

toor

changeme

guest

*Note: to use a blank (NULL) user name or password, simply type a carriage return on a line. A single

space will require that you type a space then carriage return.

First, clear the existing bruteforce.txt file by issuing the clear command (from an MS-DOS prompt):

brutecreate clear

Then combine the two files by issuing the combine usernamefile.txt passwordfile.txt command.

brutecreate combine unametest.txt pwdstest.txt

The usernames file is simply a text file list of usernames, with each user name on its own line ending in a

carriage return. To use a NULL or empty username, simply use a carriage return for that line. (You do not

need to bracket each user name with double quotes.)

The password file is simply a text file list of passwords, with each password on its own line ending with a

carriage return. To use a NULL or empty password, simply use a carriage return for that line. (You do not

need to bracket each password with double quotes.)

Brutecreate combine will add the double quotes around both usernames and passwords.

The bruteforce.txt file created is shown on the next page. Note that the total number of entries is the

product of the number of usernames and the number of passwords, in this case 25. Keep in mind how

many username/password combinations are created by brutecreate.exe, and that PhoneSweep in Penetrate

mode will try all these combinations for each system it identifies.