Midnight Research Labs has just published a new tool. Depant scans your network and checks whether services are still using default passwords. It starts with an Nmap scan to discover the services available on the network and orders them by response speed. It then uses Hydra to test each of those services against a default-password list. The user can supply an alternate list for the first phase, or an additional list to be used in a follow-up check. Depant has many options for configuring the scan, and it will certainly help you find that rogue piece of hardware on your network that someone failed to set up securely.
15 thoughts on “Default Password Network Scanning”
Brute Force != Password list
Brute Force = a, aa, ab, ac .. c, ca, cb … hell, helm, heln, etc…
Password List = user, name, username, etc, as the list dictates.
If hello isn’t on the list, hello won’t be used at all. In brute force, hello will be used, eventually, as every combination of alphanumeric characters of x length are tried.
It’s more of a dictionary attack than a brute force, but it’s a cute looking tool nonetheless.
Isn’t a dictionary attack just a specific type of brute force attack?
I thought it was gonna be wardriving depant but alas…
Still nice utilities… thanks
I was under the impression that a brute force attack was anything that wasn’t trying to just bypass the password.
Dictionary password attacking uses a pre-populated list of possible passwords. Usually those found in a dictionary and that are common words that aren’t spelled funky (i.e. “@pple”).
Brute force tries every combination from a-z and can try variations of words. This can also be taken from a list but most security scanners will just do variations of common words (i.e. “apple”, “@pple”, “appl3”, etc.)
Hybrid pw attacks are a combination of the above.
I don’t know if anyone else has made this observation, but there seems to be a trend that a large number of people will take a word like ‘password’, turn it into pa55w0rd and be happy that the result is secure. I’ve just noticed more and more that this is a common thing for non-IT (non-security-conscious) people to do. Could be a good start for a wordlist anyhow.
RE: pa55w0rd
I once used d455w0rp for a password.
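The discussion above separates brute force (enumerating every string) from dictionary attacks, and notes that substitutions like pa55w0rd or @pple add little. As an added example that is not from the post or from Depant, here is a small Python checker for a password policy: it undoes the common symbol substitutions and reports whether a candidate reduces to a dictionary word, and it counts the guesses a true brute-force enumeration would face. The substitution table and the tiny dictionary are constructed for the example.

```python
import itertools

# Reverse "leet" substitutions (constructed table). A symbol can stand for
# more than one letter ("1" for "l" or "i"), so every reading is expanded.
DELEET = {
    "@": "a", "4": "a", "3": "e", "1": "li", "!": "li",
    "0": "o", "5": "s", "$": "s", "7": "t", "+": "t",
}

# Constructed sample dictionary; a real check would load a full wordlist.
DICTIONARY = {"password", "apple", "hello", "admin", "letmein"}


def expansions(candidate):
    """Yield every plain-letter reading of a symbol-substituted password."""
    choices = [DELEET.get(c, c) for c in candidate.lower()]
    for combo in itertools.product(*choices):
        yield "".join(combo)


def dictionary_base(candidate, dictionary=DICTIONARY):
    """Return the dictionary word the candidate undoes to, or None.

    Digits and symbols only add strength when they do not simply
    replace letters of a word that is already on the list.
    """
    for plain in expansions(candidate):
        if plain in dictionary:
            return plain
    return None


def brute_force_keyspace(length, alphabet_size=62):
    """Guesses needed to exhaust every string of 1..length characters,
    i.e. the 'a, aa, ab, ...' enumeration described in the comments."""
    return sum(alphabet_size ** n for n in range(1, length + 1))


if __name__ == "__main__":
    for pw in ("pa55w0rd", "@pple", "appl3", "he11o", "d455w0rp"):
        print(pw, "->", dictionary_base(pw))
    print("brute force, 8 alphanumerics:", brute_force_keyspace(8))
```

A dictionary pass over a few thousand words with these expansions finishes in seconds, which is why the substituted forms give no real protection.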
People should do this on their home networks too. Soooo many people don’t secure their wifi fully. They put a WPA2 key on it that’s 64 letters long, but forget to password protect the router’s software. Put the IP address of the router in, type admin and password, and you’re free to change all the settings you like.
Quick, add tr34kepOf’s password to the list!
Well, ross, you’d have to break the 64 letters long wpa2 key in order to get to the router, so although it’s not a good idea to leave the router unprotected, it’s hardly a serious issue.
well, beamish, you can connect to routers using this amazing invention known as cables – so you in fact do not always need the WPA\WEP key.
it seems like _ALL_ the posters have no clue – keep using those scripts, kiddies!
Well I would say, truth, if they were close enough to plug in a cable to your router you might have bigger problems than the would-be intruder stealing the info on your network. I would be more worried about them stealing your network. LOL
want to hack http://www.agarwal2agarwal.org
singh_is_king … contact me… I have done it… let’s see how we can work together…