RE: Scanning for blank admin passwords on a windows box

["Paul Craig" <pimp () brainwave net nz>]

The easy way to do it (although not multithreaded, or fast) would be to
use nbtdump in conjunction with a little bat/sh script looping all
addresses. Ie: nbtdump $1, then simply cat *.html |grep "password is"

Or the windows equiv of grep (or just use windows search/contains)
Nbtdump will attempt to connect to null shares and check for user/"",
user/user and user/password.

Handy, but it often fails on matching some accounts and isn't really
that fast.

Nbtdump is on foundstone, originally made by David Litchfield
(www.cerberus-infosec.co.uk)

Hope this helps some..


-----Original Message-----
From: Jason [mailto:cisspstudy () yahoo com] 
Sent: Friday, July 12, 2002 1:51 PM
To: pen-test () securityfocus com
Subject: Scanning for blank admin passwords on a windows box



I am looking for a fast multithreaded tool that can scan a range of IP 

addresses and look for blank administrator (or other user accounts) 

passwords on a windows NT/2000 server.



If it can also try the username as password, server name as password
that 

would also be nice.



Doing blank password scanning using the following command line syntax is


driving me crazy!



FOR /L %i IN (1,1,254) DO net use \\XX.XX.XX.%i\IPC$ "" /u:Administrator



Any help appreciated.



Jason

------------------------------------------------------------------------
----
This list is provided by the SecurityFocus Security Intelligence Alert
(SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please
see:
https://alerts.securityfocus.com/



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/