Security Basics mailing list archives
Re: FW: Hydra or network logon cracker for Windows?
From: "Chris Grieger" <grieger.c () googlemail com>
Date: Tue, 24 Oct 2006 23:59:54 +0200
Couldn't you just Nmap your whole Network and dump the IP's of the Windows Machines into a file which you feed into the ENUM.exe via batch(or a small c application)? Regards, Chris 2006/10/24, Mister Dookie <misterdookie () gmail com>:
Hello, Brutus, Cain & Abel, nor John The Ripper really qualify here. ENUM works really well on a single computer (as does NET USE) but iterating through a network of 150-200 computers with even a small password list (say 25-40) would take forever, especially if IPs are dynamic so you have to suffer through LIXUX/UNIX/APPLE machines on the network. In a perfect world, what I really need is a tool that will go out on a subnet (e.g. 192.168.123.1-254), identify what machines are running Microsoft Windows 2K/XP/Server, use NETBIOS/SMB to gather the logins for these boxes (e.g. Administrator, Guest, plus other user accounts) and QUICKLY test for blank passwords along with equally damaging passwords such as the company name and so forth. Is there a tool out there that kind of performs the above, or at least automates ENUM just a bit. Thanks, John On 10/24/06, Isaac Van Name <ivanname () southerlandsleep com> wrote: > IMO and any other network/systems administrator's opinion, letting people > login as Administrator is most definitely a "battle worth fighting". If > you're letting people log in as Administrator, your worries are well beyond > that of a password issue (although I'd be especially worried about your > Admin password, too). That being said, let's get on to the meat of the > conversation. > > I use NetBrute as my bruteforce program of choice in a Windows environment. > By providing the IP address and a network share on the computer (such as > IPC$ or C$, etc.), you can dictate whether the program uses a dictionary > attack (based upon a word list in a text file) or a brute force attack. > Given that, if I were to test for your list of passwords on my network, I > would just create a wordlist with the same structure as the defaults that > come with the program, and just have it contain those words. > > Really, though, on a Windows network, you don't even have to use a password > cracker to test for those passwords. You can just as simply use the Net Use > command from the command line, script it in a batch file to iterate through > your possible passwords, and have it dump the output of a plain Net Use > command into a text file for each user. If it mapped the share, then > they're using one of those passwords. > > > Isaac Van Name > Systems Administrator > Southerland, Inc. > ivanname () southerlandsleep com > > "What good would you do with an ignorant employee? Ignorance is grounds for > dismissal..." - Mario Spinthiras > > Open Source developing at its finest: > "Written in vim, W3C valid and UTF-8 encoded, for her pleasure." > > Disclaimer: This email is intended only to be used to feign intellectual > mastery of a subject or superhuman command of the English language, when > profanity is involved. By reading this email, you are agreeing to cease all > correspondence with the sender upon realizing your own ignorance, and > furthermore to refrain from taking legal action against said sender when > your compounding ignorance crushes your inadequate self-esteem. Have a nice > day. > > Original> -----Original Message----- > Original> From: listbounce () securityfocus com > [mailto:listbounce () securityfocus com] > Original> On Behalf Of Mister Dookie > Original> Sent: Monday, October 23, 2006 10:53 AM > Original> To: security-basics () securityfocus com > Original> Subject: Hydra or network logon cracker for Windows? > Original> > Original> Hello list, > Original> > Original> I am looking for a way to test the computers on my network for > weak > Original> passwords. For instance, say I have the network > (192.168.123.1-254) > Original> for company "Tomcat" and I know most people either login as > Original> "Administrator" (not the best I know but some battles are not > worth > Original> fighting) or the convention of LastName + First Initial. I just > want > Original> to be able to scan the network to make sure people aren't using > the > Original> company name or a simple derivation of the company name as their > Original> password. Therefore, I just want to scan the user names on the > network > Original> against a small list of passwords like Tomcat, Tomcat1, TomCat, > Original> TomCat1, tomcat, tomcat1 and so forth. If people are using the > company > Original> name as the password I can have them change it. That's all I want. > Original> > Original> Is there a good (hopefully freeware but doesn't have to be) > program > Original> out there to help me accomplish this task? > Original> > Original> Thanks, > Original> John > Original> > Original> > --------------------------------------------------------------------------- > Original> This list is sponsored by: Norwich University > Original> > Original> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE > Original> The NSA has designated Norwich University a center of Academic > Original> Excellence > Original> in Information Security. Our program offers unparalleled Infosec > Original> management > Original> education and the case study affords you unmatched consulting > Original> experience. > Original> Using interactive e-Learning technology, you can earn this > esteemed > Original> degree, > Original> without disrupting your career or home life. > Original> > Original> http://www.msia.norwich.edu/secfocus > Original> > --------------------------------------------------------------------------- > Original> > > > --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
--------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINEThe NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Hydra or network logon cracker for Windows? Mister Dookie (Oct 23)
- RE: Hydra or network logon cracker for Windows? Murda Mcloud (Oct 24)
- <Possible follow-ups>
- Re: Hydra or network logon cracker for Windows? trashcanmn (Oct 24)
- Re: FW: Hydra or network logon cracker for Windows? Mister Dookie (Oct 24)
- Re: FW: Hydra or network logon cracker for Windows? Chris Grieger (Oct 25)
- Re: FW: Hydra or network logon cracker for Windows? Brian Loe (Oct 25)
- Re: FW: Hydra or network logon cracker for Windows? Chris Grieger (Oct 25)
- FW: Hydra or network logon cracker for Windows? Isaac Van Name (Oct 24)