Security Basics mailing list archives
Re: FW: Hydra or network logon cracker for Windows?
From: "Brian Loe" <knobdy () gmail com>
Date: Wed, 25 Oct 2006 12:51:57 -0500
More simply, on a windows network, why not inforce difficult password rules? On 10/24/06, Chris Grieger <grieger.c () googlemail com> wrote:
Couldn't you just Nmap your whole Network and dump the IP's of the Windows Machines into a file which you feed into the ENUM.exe via batch(or a small c application)? Regards, Chris 2006/10/24, Mister Dookie <misterdookie () gmail com>: > Hello, > > Brutus, Cain & Abel, nor John The Ripper really qualify here. ENUM > works really well on a single computer (as does NET USE) but iterating > through a network of 150-200 computers with even a small password list > (say 25-40) would take forever, especially if IPs are dynamic so you > have to suffer through LIXUX/UNIX/APPLE machines on the network.
<SNIP>
> > I use NetBrute as my bruteforce program of choice in a Windows environment. > > By providing the IP address and a network share on the computer (such as > > IPC$ or C$, etc.), you can dictate whether the program uses a dictionary > > attack (based upon a word list in a text file) or a brute force attack. > > Given that, if I were to test for your list of passwords on my network, I > > would just create a wordlist with the same structure as the defaults that > > come with the program, and just have it contain those words. > > > > Really, though, on a Windows network, you don't even have to use a password > > cracker to test for those passwords. You can just as simply use the Net Use > > command from the command line, script it in a batch file to iterate through > > your possible passwords, and have it dump the output of a plain Net Use > > command into a text file for each user. If it mapped the share, then > > they're using one of those passwords. > >
--------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINEThe NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Hydra or network logon cracker for Windows? Mister Dookie (Oct 23)
- RE: Hydra or network logon cracker for Windows? Murda Mcloud (Oct 24)
- <Possible follow-ups>
- Re: Hydra or network logon cracker for Windows? trashcanmn (Oct 24)
- Re: FW: Hydra or network logon cracker for Windows? Mister Dookie (Oct 24)
- Re: FW: Hydra or network logon cracker for Windows? Chris Grieger (Oct 25)
- Re: FW: Hydra or network logon cracker for Windows? Brian Loe (Oct 25)
- Re: FW: Hydra or network logon cracker for Windows? Chris Grieger (Oct 25)
- FW: Hydra or network logon cracker for Windows? Isaac Van Name (Oct 24)