From: Joshua Levitsky (jlevitsk@joshie.com)
Date: Fri Jul 12 2002 - 20:35:39 EDT
I know Nessus (www.nessus.org) can identify machines capable of having Null
passwords. If there isn't a test already to try accounts with blank
passwords it would be trivial to write a script for Nessus to do the test
you want.
-- Joshua Levitsky, MCSE, CISSP, EMTD Desktop Systems Engineer AOL Time Warner ----- Original Message ----- From: "Jason" <cisspstudy@yahoo.com> To: <pen-test@securityfocus.com> Sent: Thursday, July 11, 2002 9:51 PM Subject: Scanning for blank admin passwords on a windows box > > > I am looking for a fast multithreaded tool that can scan a range of IP > > addresses and look for blank administrator (or other user accounts) > > passwords on a windows NT/2000 server. > > > > If it can also try the username as password, server name as password that > > would also be nice. > > > > Doing blank password scanning using the following command line syntax is > > driving me crazy! > > > > FOR /L %i IN (1,1,254) DO net use \\XX.XX.XX.%i\IPC$ "" /u:Administrator > > > > Any help appreciated. > > > > Jason > > -------------------------------------------------------------------------- -- > This list is provided by the SecurityFocus Security Intelligence Alert (SIA) > Service. For more information on SecurityFocus' SIA service which > automatically alerts you to the latest security vulnerabilities please see: > https://alerts.securityfocus.com/ > > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:23 EDT