Tools
The following are recent tools published by MWR InfoSecurity.
Full TextVMWare authd brute forcer
Aug 15, 2008
This is a multithreaded tool to bruteforce the VMware console. This acts as a wrapper around VMware-cmd, which must be installed for this to function. It will allow you to try multiple passwords for a single user account in order to identify any weak passwords which may have been set.
Around 10 threads will normally be fine, Windows systems will lap it up, *NIX systems will be slower. The dictionary should be specified by path. For efficiency and to ensure concurrency between threads the dictionary is read into memory.
WARNING: inetd will only allow a certain number of connections per minute (around 250) after this number the service, in this case vmware-authd, will die causing a DoS. Therefore be careful if you are using this tool against UNIX based systems. If so then ensure that xinetd is being used instead.