Nmap Development mailing list archives

smb-brute.nse


From: Ron <ron () skullsecurity net>
Date: Tue, 24 Feb 2009 20:01:10 -0600

Hi all,

I've been working a lot on smb-brute.nse, which is a bruteforcer for
Windows passwords. It's a pretty cool script, and in my opinion (as the
author :) ) one of the best. I use a lot of cool tricks and techniques
to get the best possible reading. I wrote a fairly detailed blog about
the tricks I discovered which you can find here:
http://www.skullsecurity.org/blog/?p=164

I know some of you already read it, but I wanted to post it anyways. The
info there is interesting, at least to me, and I wanted to share it.
Most of these things were developed in a vacuum; I haven't looked at how
Hydra or Medusa or any other tools work, so they may do things I don't.
If you know about anything like that, let me know!

Anyway, Brandon has tested the script on his huge network and it seems
to be working pretty well. I'd like to slip in these changes before the
next beta, so if anybody wants to have a go, the sooner the better.
Here's how I suggest running it:

svn co svn://svn.insecure.org/nmap-exp/ron/nmap-smb
...
nmap --script=smb-brute,smb-server-stats -p445 <host>

The reason for including smb-server-stats is to verify that the
bruteforce worked (smb-server-stats requires admin, so it'll only work
if an admin account is found).

As with all my scripts, this won't run against Windows XP's occasional
default setting of logging in everybody as 'guest'. To disable that, go
to Control Panel, Administrative Tools, Local Security Settings, Local
Policies, Security Options, and change "Network access: Sharing and
security model for local accounts" to "Classic".

This uses Nmap's dictionary by default. If you want a different
dictionary, I've been collecting them on my wiki (thanks to Brandon and
Fyodor and anybody else who's helped me out):
http://www.skullsecurity.org/wiki/index.php/Passwords

Feedback would be great! And be careful with locking out accounts.

-- 
Ron Bowes
http://www.skullsecurity.org/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
