RE: brute-force with tsgrinder

From: Wayne Dawson (Wayne_Dawson@inventuresolutions.com)
Date: Thu Sep 07 2006 - 11:59:58 EDT

• Next message: Isaac Van Name: "RE: Windows Independant GUI"
• Previous message: infosecpentests@gmail.com: "Launching exploits from C"
• Maybe in reply to: nfanelli@empire.edu: "brute-force with tsgrinder"
• Next in thread: Flavio Toledo: "Re: brute-force with tsgrinder"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Not sure, but what happens when you use the normal windows rdp client,
mstsc.exe, to connect using the same user/password. Does that work?
Just eliminating things...

-----Original Message-----
From: jetzmaru [mailto:chrys.thorsen@comcast.net]
Sent: Monday, September 04, 2006 12:36 PM
To: pen-test@securityfocus.com
Subject: Re: brute-force with tsgrinder

I'm having the same problem as Nicholas. The computer is in a
workgroup, so I put the machine name in as domain. The correct password
still fails. I only put in the username, using -d to put in the
computer name: tsgrinder -w passlist.txt -d testxp -u chrys -b -n 2
192.168.0.2

Please help! Thanks so much!

Nicholas Fanelli wrote:
>
> For those of you who are familiar with TSGRINDER, I would appreciate
> your help.
>
>
>
> I having trouble compromising my remote machines. The target devices
> are on a domain. I have the username (Local\Administrator) and typed
> the current password into the dictionary file (Wordlist.txt). Then
> open a cmd-line, browse to my executable and type the following
string:
>
>
>
> tsgrinder.exe -w wordlist.txt -b -n 1 -D 8 192.168.x.x
>
>
>
> A RDP session opens and attempts the passwords within my dictionary
> (the correct password is third down on my list) but when it trys the
> right password it responds with a "Failed"??
>
>
>
> I checked the local administrator account to verify it was not locked
out.
> Not sure what else to try??
>
>
>
> Any help is appreciated!
>
> ----------------------------------------------------------------------
> --
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
> http://www.cenzic.com/products_services/download_hailstorm.php
> ----------------------------------------------------------------------
> --
>
>
>

--
View this message in context:
http://www.nabble.com/brute-force-with-tsgrinder-tf2129274.html#a6140801
Sent from the Penetration Testing forum at Nabble.com.
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------
This email and any files transmitted with it are confidential and intended solely for the use of the individual to whom they are addressed. If you have received this email in error, please delete this email from your system.
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------

• Next message: Isaac Van Name: "RE: Windows Independant GUI"
• Previous message: infosecpentests@gmail.com: "Launching exploits from C"
• Maybe in reply to: nfanelli@empire.edu: "brute-force with tsgrinder"
• Next in thread: Flavio Toledo: "Re: brute-force with tsgrinder"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:55 EDT