RE: Hydra For Windows?

["kim kihong" <mao0524 () hotmail com>]

enum is very simple!
(http://www.bindview.com/Resources/RAZOR/Files/enum.tar.gz)

If you download it and you compile on Visual studio, 
you have to add links "Netapi32.lib  Mpr.lib" into <Project-Settings> Menu. 
:)

You also create script(.bat or .cmd...) as following,

C:\cmdtools\enum\Release>enum -D -u kyo0n6 -f password.lst 10.10.10.10
username: kyo0n6
dictfile: password.lst
server: 10.10.10.10
(1) kyo0n6 | 12345
return 1326, logon failed:...
(2) kyo0n6 | abc123
return 1326, logon failed:...(3) kyo0n6 | password
return 1326, logon failed:...(4) kyo0n6 | abcd123
password found: abcd337

C:\cmdtools\enum\Release>



Kihong Kim  CERT
/SAMSUNG Information Security Center
[☎] 82-2-728-4603 (Time. GMT+9)
[☏] 82-10-3126-5364
[e-mail] kihong_kim () samsung com 







> From: "h0W@rD Sh33n" <flee74 () gmail com>
> To: "'Mister Dookie'" <misterdookie () gmail com>
> CC: <pen-test () securityfocus com>
> Subject: RE: Hydra For Windows?
> Date: Wed, 25 Oct 2006 08:29:55 -0700
>
> Hydra 4 Win32
> -> http://thc.segfault.net/thc-hydra/
>
> Anyway...as a business-majored pen-tester -_-^
> I would use excel and make script(.bat file???) like below..LOL
>
> net use \\192.168.123.1\IPC$ Tomcat /user:Administrator
> net use \\192.168.123.2\IPC$ Tomcat /user:Administrator
> net use \\192.168.123.3\IPC$ Tomcat /user:Administrator
> net use \\192.168.123.4\IPC$ Tomcat /user:Administrator
> .
> .
> .
>
>
> Just 4 fun..never mind...
> Cheers!
> -----Original Message-----
> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] 
On
> Behalf Of Mister Dookie
> Sent: Monday, October 23, 2006 8:56 AM
> To: pen-test () securityfocus com
> Subject: Hydra For Windows?
>
> Hello list,
>
> I am looking for a way to test the computers on my network for weak
> passwords. For instance, say I have the network (192.168.123.1-254)
> for company "Tomcat" and I know most people either login as
> "Administrator" (not the best I know but some battles are not worth
> fighting) or the convention of LastName + First Initial. I just want
> to be able to scan the network to make sure people aren't using the
> company name or a simple derivation of the company name as their
> password. Therefore, I just want to scan the user names on the network
> against a small list of passwords like Tomcat, Tomcat1, TomCat,
> TomCat1, tomcat, tomcat1 and so forth. If people are using the company
> name as the password I can have them change it. That's all I want.
>
> Is there a good (hopefully freeware but doesn't have to be) program
> out there to help me accomplish this task?
>
> Thanks,
> John
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=70160000

> 0008bOW
> ------------------------------------------------------------------------
>
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW

> ------------------------------------------------------------------------

_________________________________________________________________
확인하자. 오늘의 운세 무료 사주, 궁합, 작명, 전생 가이드   
http://www.msn.co.kr/fortune/default.asp  


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------