I will first admit to being new to all of this.

I'm trying to connect via telnet to a former employer. I scanned their network and discovered a weak password- that they are running Free BSD Telnet on port 2*. When I connect to their telnet I'm required to login with a password.

I've Googled BSD passwords, telent passwords, default BSD telnet passwords.... can anyone give me some advice on how to find this or crack this user id and password combo? Not looking for a hand out just a pointer...thanks

You could use a brute forcer... do they have a limited number of tries before they block you?

They don't appear to have a limit at all...I tried about 20 different combos before I decided to get more info. I ran a Nessus scan and found several interesting areas to explore. They have several gaping holes as I have two user names...I'm not sure how to brute force a password I don't have.

I have only used brute force (L0pht, Cain..) on pasword hashes I have.

Cain won't work, unless he is using your LAN to connect to the Internet.

I found a whole bunch of forcers on Google

http://www.google.com/search?hl=en&q=brute+forcer

------------------------------------------------------------

If you have his hashed password, here is a VERY good decrypter

http://www.openwall.com/john/

It can crack DES, MD5, Blowfish, Kerebos, and more.

I don't have the pass or user id which is required to access their telent. How do I brute force this...is that possible?