Re: FW: Hydra or network logon cracker for Windows?

["Mister Dookie" <misterdookie () gmail com>]

Hello,

Brutus, Cain & Abel, nor John The Ripper really qualify here. ENUM
works really well on a single computer (as does NET USE) but iterating
through a network of 150-200 computers with even a small password list
(say 25-40) would take forever, especially if IPs are dynamic so you
have to suffer through LIXUX/UNIX/APPLE machines on the network.

In a perfect world, what I really need is a tool that will go out on a
subnet (e.g. 192.168.123.1-254), identify what machines are running
Microsoft Windows 2K/XP/Server, use NETBIOS/SMB to gather the logins
for these boxes (e.g. Administrator, Guest, plus other user accounts)
and QUICKLY test for blank passwords along with equally damaging
passwords such as the company name and so forth.

Is there a tool out there that kind of performs the above, or at least
automates ENUM just a bit.

Thanks,
John

On 10/24/06, Isaac Van Name <ivanname () southerlandsleep com> wrote:
> IMO and any other network/systems administrator's opinion, letting people
> login as Administrator is most definitely a "battle worth fighting".  If
> you're letting people log in as Administrator, your worries are well beyond
> that of a password issue (although I'd be especially worried about your
> Admin password, too).  That being said, let's get on to the meat of the
> conversation.
>
> I use NetBrute as my bruteforce program of choice in a Windows environment.
> By providing the IP address and a network share on the computer (such as
> IPC$ or C$, etc.), you can dictate whether the program uses a dictionary
> attack (based upon a word list in a text file) or a brute force attack.
> Given that, if I were to test for your list of passwords on my network, I
> would just create a wordlist with the same structure as the defaults that
> come with the program, and just have it contain those words.
>
> Really, though, on a Windows network, you don't even have to use a password
> cracker to test for those passwords.  You can just as simply use the Net Use
> command from the command line, script it in a batch file to iterate through
> your possible passwords, and have it dump the output of a plain Net Use
> command into a text file for each user.  If it mapped the share, then
> they're using one of those passwords.
>
>
> Isaac Van Name
> Systems Administrator
> Southerland, Inc.
> ivanname () southerlandsleep com
>
> "What good would you do with an ignorant employee? Ignorance is grounds for
> dismissal..." - Mario Spinthiras
>
> Open Source developing at its finest:
> "Written in vim, W3C valid and UTF-8 encoded, for her pleasure."
>
> Disclaimer:  This email is intended only to be used to feign intellectual
> mastery of a subject or superhuman command of the English language, when
> profanity is involved.  By reading this email, you are agreeing to cease all
> correspondence with the sender upon realizing your own ignorance, and
> furthermore to refrain from taking legal action against said sender when
> your compounding ignorance crushes your inadequate self-esteem.  Have a nice
> day.
>
> Original> -----Original Message-----
> Original> From: listbounce () securityfocus com
> [mailto:listbounce () securityfocus com]
> Original> On Behalf Of Mister Dookie
> Original> Sent: Monday, October 23, 2006 10:53 AM
> Original> To: security-basics () securityfocus com
> Original> Subject: Hydra or network logon cracker for Windows?
> Original>
> Original> Hello list,
> Original>
> Original> I am looking for a way to test the computers on my network for
> weak
> Original> passwords. For instance, say I have the network
> (192.168.123.1-254)
> Original> for company "Tomcat" and I know most people either login as
> Original> "Administrator" (not the best I know but some battles are not
> worth
> Original> fighting) or the convention of LastName + First Initial. I just
> want
> Original> to be able to scan the network to make sure people aren't using
> the
> Original> company name or a simple derivation of the company name as their
> Original> password. Therefore, I just want to scan the user names on the
> network
> Original> against a small list of passwords like Tomcat, Tomcat1, TomCat,
> Original> TomCat1, tomcat, tomcat1 and so forth. If people are using the
> company
> Original> name as the password I can have them change it. That's all I want.
> Original>
> Original> Is there a good (hopefully freeware but doesn't have to be)
> program
> Original> out there to help me accomplish this task?
> Original>
> Original> Thanks,
> Original> John
> Original>
> Original>
> ---------------------------------------------------------------------------
> Original> This list is sponsored by: Norwich University
> Original>
> Original> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> Original> The NSA has designated Norwich University a center of Academic
> Original> Excellence
> Original> in Information Security. Our program offers unparalleled Infosec
> Original> management
> Original> education and the case study affords you unmatched consulting
> Original> experience.
> Original> Using interactive e-Learning technology, you can earn this
> esteemed
> Original> degree,
> Original> without disrupting your career or home life.
> Original>
> Original> http://www.msia.norwich.edu/secfocus
> Original>
> ---------------------------------------------------------------------------
> Original>

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------