Penetration Testing mailing list archives
RE: Using smbbf
From: Michael Gargiullo <mgargiullo () pvtpt com>
Date: Fri, 30 Sep 2005 09:31:07 -0400
-----Original Message----- From: dissolved () comcast net [mailto:dissolved () comcast net] Sent: Wednesday, September 28, 2005 2:06 PM To: pen-test () securityfocus com Subject: Using smbbf Hi, I'm trying to password audit a windows 2000 machine across the network. I'm using smbbf to do this (windows version). Here is the issue I am having: The syntax I'm using is: Smbbf -i 192.168.2.10 -u userlist.txt -p passwords.txt -v This appears to do a dictionary attack, when I really wanted to do a brute force. I already know the passwords on the target machine, and they are not dictionary words. Is there a way to make smbbf use every keystroke, instead of reading from a password file like I have done above? If not, can someone recommend a free tool that can accomplish this? Thanks dissolved ------------------------------------------------------------------------ ---- May I ask why your trying to brute force the passwords if you already know them? If the goal is to test the length of time it would take to crack the passwords, use pwdump to grab the SAM, and run it through john the ripper or LC5. Hell LC5 utilizing a full rainbow tables set will crack 99.99% of all passwords in just a few hours. Granted a full rainbow table set is over 50Gb. -Mike ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- RE: Using smbbf Michael Gargiullo (Oct 01)
- <Possible follow-ups>
- Re: Using smbbf Base64 (Oct 01)