Nmap Development mailing list archives

Re: Updated SMB scripts


From: Ron <ron () skullsecurity net>
Date: Wed, 24 Dec 2008 15:17:38 -0600

Ron wrote:

On a somewhat tangential topic (but, while I still have your attention
:) ), I'm working on a bruteforce script for SMB that I didn't include
in the latest update. I started using unpwdb which I think was written
by you, but it has some limitations. For instance, I want to be able to
collect usernames as I go along (especially from boxes that let me pull
a list of users either before or after finding a login), and prioritize
commonly found usernames/passwords as I go along (i.e., when a password is
discovered, it's moved to the top of the list).

It'd also be useful to use the collected usernames/passwords for other
bruteforcing (like after finding a list of usernames for a Windows
server over SMB, use those when bruteforcing a pop3 later). Right now
I'm storing them in the registry and using them for my own scripts, but
it might be good to make it more generic.

Any thoughts on if unpwdb can be extended for that kind of thing?

Ron

Two other things about this idea:

a) Have the ability to trim the list based on password complexity
requirements
b) Have the ability to modify the password list (add a number after,
l33t-ify, etc.) -- even just put the number '1' after it (according to
the whackload of leaked Myspace passwords[1], it is incredibly common to
stick a '1' or another number after your password).

[1] http://www.skullsecurity.org/wiki/images/7/72/List-myspace.txt

Ron

-- 
Ron Bowes
http://www.skullsecurity.org/
