HP Enumeration
> Authentication Method
>> Host OS Authentication
>> Default Authentication
>>> Default Passwords (http://www.vulnerabilityassessment.co.uk/passwordsC.htm)
> Wikto (http://www.sensepost.com/)
> Nstealth (http://www.nstalker.com/eng/products/nstealth/)
HP Bruteforce
> Hydra (http://www...
NFS Enumeration
> showmount -e hostname/ip_address
> mount -t nfs ip_address:/directory_found_exported /local_mount_point
NFS Brute Force
> Interact with NFS share and try to add/delete
> Exploit and Confuse Unix (http://www.vulnerabilityassessment.co.uk/nfs.htm)
Examine Configuration Files
> /etc/exports
> /etc/...
Oracle Enumeration
> oracsec (http://www.woany.co.uk/oracsec/)
> Repscan (http://www.red-database-security.com/)
> Sidguess (http://www.red-database-security.com/)
> Scuba (http://www.imperva.com/products/scuba.html)
> WinSID (http://www.vulnerabilityassessment.co.uk/WinSID.zip)
> Oracle default password list (http:/...
Citrix Enumeration
> Default Domain
> Published Applications
./citrix-pa-scan {IP_address/file | - | random} [timeout] (http://www.cqure.net/tools/citrix_pa.zip)
citrix-pa-proxy.pl IP_to_proxy_to [Local_IP] (http://www.cqure.net/tools/citrix_pa.zip)
Citrix Brute Force
> bforce.js ( http://code.google.com/p/gobag/source/browse/tr...
SQL Enumeration
> piggy ( http://www.cqure.net/wp/?page_id=33 )
> SQLPing ( http://www.sqlsecurity.com/Tools/FreeTools/tabid/65/Default.aspx )
>> sqlping ip_address/hostname
> SQLPing2 ( http://www.sqlsecurity.com/Tools/FreeTools/tabid/65/Default.aspx )
> SQLPing3 ( http://www.sqlsecurity.com/Tools/FreeTools/tabid/65/Def...
Rsh Enumeration
> rsh host [-l username] [-n] [-d] [-k realm] [-f | -F] [-x] [-PN | -PO] command
Rsh Brute Force
> rsh-grind ( http://pentestmonkey.net/tools/rsh-grind/ )
> Hydra ( http://freeworld.thc.org/ )
> medusa ( http://www.foofus.net/jmk/medusa/ )...
Rlogin Enumeration
> Find the files
find / -name .rhosts
locate .rhosts
> Examine Files
cat .rhosts
> Manual Login
rlogin hostname -l username
rlogin <IP>
> Subvert the files
echo ++ > .rhosts
Rlogin Brute Force
> Hydra ( http://freeworld.thc.org/ )...
modscan
http://www.packetstormsecurity.org/UNIX/scanners/modscan.py.txt...
Enumeration
> ike-scan ( http://www.nta-monitor.com/ike-scan/ )
> ike-probe ( http://www.ernw.de/download/ikeprobe.zip )
Brute-Force
> ike-crack ( http://ikecrack.sourceforge.net/ )
Reference Material
> PSK cracking paper ( http://www.ernw.de/download/pskattack.pdf )
> SecurityFocus Infocus ( http://www.securityfocus....
LDAP Enumeration
> ldapminer ( http://sourceforge.net/projects/ldapminer/ )
ldapminer -h ip_address -p port (not required if default) -d
> luma ( http://luma.sourceforge.net/ )
GUI-based tool
> ldp ( http://www.microsoft.com/ )
GUI-based tool
> openldap ( http://www.openldap.org/ )
...