RE: Scanning for blank admin passwords on a windows box

From: Paul Craig (pimp@brainwave.net.nz)
Date: Sat Jul 13 2002 - 01:04:09 EDT


The easy way to do it (although not multithreaded, or fast) would be to
use nbtdump in conjunction with a little bat/sh script looping over all
addresses, i.e. nbtdump $1, then simply cat *.html | grep "password is"

or the Windows equivalent of grep (or just use Windows search/contains).
Nbtdump will attempt to connect to null shares and check for user/"",
user/user and user/password.

Handy, but it often fails on matching some accounts and isn't really
that fast.

Nbtdump is on Foundstone, originally made by David Litchfield
(www.cerberus-infosec.co.uk).

Hope this helps some.

-----Original Message-----
From: Jason [mailto:cisspstudy@yahoo.com]
Sent: Friday, July 12, 2002 1:51 PM
To: pen-test@securityfocus.com
Subject: Scanning for blank admin passwords on a windows box

I am looking for a fast multithreaded tool that can scan a range of IP
addresses and look for blank administrator (or other user accounts)
passwords on a Windows NT/2000 server.

If it can also try the username as password, server name as password that
would also be nice.

Doing blank password scanning using the following command line syntax is
driving me crazy!

FOR /L %i IN (1,1,254) DO net use \\XX.XX.XX.%i\IPC$ "" /u:Administrator

Any help appreciated.

Jason

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:23 EDT