I really Love Backtrack 5 and all the tools it comes with, Metasploit, Xhydra, Nmap, some of the most popular. But there's nothing i enjoy more than the feeling of success, the feeling you get when your hard work finally pays off, and the password goes through. I had a lot of fun doing this as a password pentester back in my younger days. i was surprised at just how easy it was to get peoples passwords using a brute forcer and the right server configuration. i was popular on AIM. i had over 160 friends, and what that meant is that i had over 160 active screen names to try and get the password to!
Here's how it's done.
Fire up a terminal, zenmap and Xhydra
ping smtp.aol.com your output should look like this:
In some circumstances the IP address will be different. i will supply you with the correct one; but hypothetically any IP address will work
step 1. ping smtp.aol.com (22.214.171.124)
step 2. port scan the IP address and verify port 587 (SMTP AUTH) is open
step 3. input data into Xhydra
single target: 126.96.36.199
username: programmerdemon (or any screenname)
password: passwordlist (i have my own)
*others can be found in /root/pentest/passwords/wordlist/
about 8 tasks should be fine
it was my screenname so i didn't show the password. also, you may want to use a proxy. any questions don't hesitate to email.