User manual
22
>Effort sub-tab. Once set, PhoneSweep’s current level of effort is indicated by an icon at the bottom of
the PhoneSweep window, as well as displayed on the Setup->Effort sub-tab. The three levels of effort
available are:
•
Connect. When this level of effort is specified, PhoneSweep will call each telephone
number, classify the answer (if any) as Voice, Modem, Fax, etc. and then hang up. At Connect
level of effort, PhoneSweep listens only; no information is exchanged.
•
Identify. When this level of effort is specified, PhoneSweep will attempt to determine the
specific type of device or operating system that has answered the call. This may involve sending
data (usually carriage returns) to the remote device to elicit a response.
•
Penetrate. When this level of effort is specified, PhoneSweep will call each modem that is at
least partially identified and execute a brute force username/ password guessing attempt. Note
that the Penetrate level of effort can be dangerous due to its intensive attempts to break into
systems. Make sure you have clear authorization to be this intrusive before using PhoneSweep to
scan a set of phone numbers in Penetrate mode, and that all calls are set up for the correct time
period.
Levels of effort are cumulative. At a given level of effort, PhoneSweep will take the actions specified by
that level of effort, as well as those specified by all less invasive levels of effort. For example, you must
connect to a device before you can attempt to identify it. Likewise, if PhoneSweep is set to attempt to log
in to a remote system, it will also attempt to identify the system. Note that PhoneSweep can only brute-
force a system for which it has made at least a partial identification.
The level of effort you specify determines the number of phone calls PhoneSweep will make in order to
complete the scan and, therefore, the time required by the scan. PhoneSweep running in Penetrate mode
will make more calls than PhoneSweep running in Connect or Identify mode, since PhoneSweep will
need to call back the modems it has identified in order to try the username/password combinations. You
can use levels of effort to decrease the amount of time necessary to complete an audit by first sweeping a
profile at the Connect level of effort, and then calling back numbers with suspicious responses at a higher
level of effort.
For more information on setting the level of effort for a PhoneSweep scan, see Section 4.6, Setting Level
of Effort.
2.7 Brute Force Username/Password Guessing
If the level of effort is set to Penetrate, PhoneSweep will attempt a username/password guessing attack on
each modem it discovers. These username/password combinations are usually simple, and therefore easily
guessed, such as:
"root" "toor"
"system" "manager"
"guest" "guest"
The username/password list can be modified directly via the Effort tab (See Section 4.6.6, The
bruteforce.txt file for more information). PhoneSweep comes with the following files and utilities for
brute force username/ password guessing:
• bruteforce.txt: This is the file PhoneSweep uses to make username/password guesses. You will
likely need to modify this file for your particular needs, which can be done using the
brutecreate.exe utility or by directly editing the file. You can also import other