Nmap Development mailing list archives
smb-brute.nse
From: Ron <ron () skullsecurity net>
Date: Tue, 24 Feb 2009 20:01:10 -0600
Hi all,

I've been working a lot on smb-brute.nse, which is a bruteforcer for Windows passwords. It's a pretty cool script, and in my opinion (as the author :) ) one of the best. I use a lot of cool tricks and techniques to get the best possible reading. I wrote a fairly detailed blog about the tricks I discovered which you can find here:

http://www.skullsecurity.org/blog/?p=164

I know some of you already read it, but I wanted to post it anyways. The info there is interesting, at least to me, and I wanted to share it. Most of these things were developed in a vacuum, I haven't looked at how Hydra or Medusa or any other tools work, so they may do things I don't.. if you know about anything like that, let me know!

Anyway, Brandon has tested the script on his huge network and it seems to be working pretty well. I'd like to slip in these changes before the next beta, so if anybody wants to have a go, the sooner the better. Here's how I suggest running it:

svn co svn://svn.insecure.org/nmap-exp/ron/nmap-smb
...
nmap --script=smb-brute,smb-server-stats -p445 <host>

The reason for including smb-server-stats is to verify that the bruteforce worked (smb-server-stats requires admin, so it'll only work if an admin account is found).

As with all my scripts, this won't run against Windows XP's occasional default settings of logging in everybody as 'guest'. To disable that, go to Control Panel, Administrative Tools, Local Security Settings, Local Policies, Security Options, and change "Network access: Sharing and security model" to "Classic".

This uses Nmap's dictionary by default. If you want a different dictionary, I've been collecting them on my wiki (thanks to Brandon and Fyodor and anybody else who's helped me out):

http://www.skullsecurity.org/wiki/index.php/Passwords

Feedback would be great! And be careful with locking out accounts.
--
Ron Bowes
http://www.skullsecurity.org/
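A dictionary run like the one described in this post shows up on the target as a burst of failed logons from one source, often followed by a success. The following detection is an added example for the defender's side, not code from the post or from Nmap; the log line format and the sample records are constructed for it, and the window and threshold are assumed values.

```python
# Added example: flag sources whose failed logons look like a password
# dictionary run. Log format "<iso timestamp> <src ip> <account> <result>"
# and the records below are constructed for this example.
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2009-02-24T20:01:10 10.0.0.5 administrator FAILURE
2009-02-24T20:01:11 10.0.0.5 administrator FAILURE
2009-02-24T20:01:11 10.0.0.5 administrator FAILURE
2009-02-24T20:01:12 10.0.0.5 guest FAILURE
2009-02-24T20:01:12 10.0.0.5 ron FAILURE
2009-02-24T20:01:13 10.0.0.5 ron SUCCESS
2009-02-24T20:05:00 10.0.0.9 alice FAILURE
2009-02-24T20:20:00 10.0.0.9 alice SUCCESS
"""


def parse(log_text):
    """Turn the constructed log text into (timestamp, src, account, result) tuples."""
    events = []
    for line in log_text.splitlines():
        ts, src, account, result = line.split()
        events.append((datetime.fromisoformat(ts), src, account, result))
    return events


def find_bruteforce(events, window=timedelta(minutes=5), threshold=4):
    """Return {src: info} for every source with >= threshold failures inside
    `window` (assumed values). info records the failure count, the accounts
    tried, and any account that succeeded after the burst began."""
    per_src = defaultdict(list)
    for ts, src, account, result in events:
        per_src[src].append((ts, account, result))
    hits = {}
    for src, evs in per_src.items():
        evs.sort()
        fails = [(ts, acct) for ts, acct, res in evs if res == "FAILURE"]
        start = 0
        for end in range(len(fails)):            # sliding window over failures
            while fails[end][0] - fails[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                first_fail = fails[start][0]
                succeeded = [acct for ts, acct, res in evs
                             if res == "SUCCESS" and ts >= first_fail]
                hits[src] = {"failures": len(fails),
                             "accounts": {acct for _, acct in fails},
                             "success_after": succeeded}
                break
    return hits
```

A source that trips the threshold and then logs on successfully is the case worth paging on; a single slow failure followed by a success, as with 10.0.0.9 above, is ordinary user behaviour and is not flagged.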