Nmap Development mailing list archives
Re: Updated SMB scripts
From: Ron <ron () skullsecurity net>
Date: Wed, 24 Dec 2008 15:17:38 -0600
Ron wrote:
On a somewhat tangential topic (but, while I still have your attention :) ), I'm working on a bruteforce script for SMB that I didn't include in the latest update. I started using unpwdb which I think was written by you, but it has some limitations. For instance, I want to be able to collect usernames as I go along (especially from boxes that let me pull a list of users either before or after finding a login), and prioritize commonly found usernames/passwords as I go along (ie, when a password is discovered, it's moved to the top of the list). It'd also be useful to use the collected usernames/passwords for other bruteforcing (like after finding a list of usernames for a Windows server over SMB, use those when bruteforcing a pop3 later). Right now I'm storing them in the registry and using them for my own scripts, but it might be good to make it more generic. Any thoughts on if unpwdb can be extended for that kind of thing? Ron
Two other things about this idea: a) Have the ability to trim the list based on password complexity requirements b) Have the ability to modify the password list (add a number after, l33t-ify, etc) -- even just put the number '1' after it (according to the whackload of leaked Myspace passwords[1], it is incredibly common to stick a '1' or another number after your password. [1] http://www.skullsecurity.org/wiki/images/7/72/List-myspace.txt Ron -- Ron Bowes http://www.skullsecurity.org/ _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Updated SMB scripts Ron (Dec 23)
- Re: Updated SMB scripts Kris Katterjohn (Dec 24)
- Re: Updated SMB scripts Ron (Dec 24)
- Re: Updated SMB scripts Kris Katterjohn (Dec 24)
- Re: Updated SMB scripts Ron (Dec 24)
- Re: Updated SMB scripts Ron (Dec 24)
- Re: Updated SMB scripts Kris Katterjohn (Dec 24)
- Re: Updated SMB scripts Ron (Dec 24)
- Re: Updated SMB scripts Ron (Dec 24)
- Re: Updated SMB scripts Kris Katterjohn (Dec 24)
- Re: Updated SMB scripts Ron (Dec 28)
- Re: Updated SMB scripts David Fifield (Dec 28)
- Re: Updated SMB scripts David Fifield (Dec 29)
- Re: Updated SMB scripts Ron (Dec 29)
- Re: Updated SMB scripts jah (Dec 29)