Penetration Testing mailing list archives

Re: Scanning for blank admin passwords on a windows box

From: "Olivier Busolini" <olivier.busolini () wanadoo fr>
Date: Wed, 24 Jul 2002 17:05:32 +0200

Hi,

I completely agree with Anders about userinfo. The only problem is that this
tool messes up a bit on a target with a "large" (>20-30) number of users:
some weak account are not detected (blanck password, or equal to username).
So it's better to double check with another tool like the one Erwin (van der
Zwan) named.

Hope this helped,

Olivier
----- Original Message -----
From: "Anders Thulin" <Anders.Thulin () kiconsulting se>
To: "Jason" <cisspstudy () yahoo com>
Cc: <pen-test () securityfocus com>
Sent: Monday, July 15, 2002 11:05 AM
Subject: Re: Scanning for blank admin passwords on a windows box


Jason wrote:


I am looking for a fast multithreaded tool that can scan a range of IP
addresses and look for blank administrator (or other user accounts)
passwords on a windows NT/2000 server.


If it can also try the username as password, server name as password

that

would also be nice.



   Take a look at the multithreaded beta of userinfo 1.9 at
http://www.clicknet.ch/chscene/chscene.php. It's not fully multithreaded,
though -- it only does it over 64-subnets. It's also in the SecurityFocus
tools list, but there is at least one other tool with the same name to
confuse you.

   Main problem is that it reports in web page format...

   There are several non-mt tools that does the same thing.

--
Anders Thulin   anders.thulin () kiconsulting se   040-661 50 63
Ki Consulting AB, Box 85, SE-201 20 Malmö, Sweden


--------------------------------------------------------------------------

--

This list is provided by the SecurityFocus Security Intelligence Alert

(SIA)

Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please

see:

https://alerts.securityfocus.com/




----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

Scanning for blank admin passwords on a windows box Jason (Jul 12)
- RE: Scanning for blank admin passwords on a windows box Paul Craig (Jul 13)
- Re: Scanning for blank admin passwords on a windows box Joshua Levitsky (Jul 13)
- Re: Scanning for blank admin passwords on a windows box Anders Thulin (Jul 15)
  - Re: Scanning for blank admin passwords on a windows box Olivier Busolini (Jul 25)
- <Possible follow-ups>
- Re: Scanning for blank admin passwords on a windows box Erwin van der Zwan (Jul 15)
- Re: Scanning for blank admin passwords on a windows box Muhammad Faisal Rauf Danka (Jul 15)