From: Lee Lawson (leejlawson@gmail.com)
Date: Wed Oct 25 2006 - 04:19:42 EDT
You could just use the MS-DOS scripting capability. Create a text
file (in this example password.txt in the root of C:) in which you
have a list of passwords, one per line. then use the following syntax
in the command prompt:
FOR /F "tokens=1*" %i in (c:\passwords.txt) do net use
\\192.168.1.100\c$ "%i" /u:"Administrator"
This will only work for the Admininstrator account as other user level
accounts may lock out.
When you hit enter, you will loop through the 'net use' command until
the end of the passwords. You will need to go back through the output
and find the line that says:
C:\>net use \\10.1.1.167\c$ "password" /u:"Administrator"
The command completed successfully.
There are plenty of other tools that can do this kind of thing, but
this keeps it simple and stops hacking/cracking tools being installed
on your network.
later,
On 10/25/06, pand0ra <pand0ra.usa@gmail.com> wrote:
> I don't know what application you are looking to test but you can try
> using Brutus for something along those lines. Or a Perl script if that
> dosn't jive for you.
>
> On 10/23/06, Mister Dookie <misterdookie@gmail.com> wrote:
> > Hello list,
> >
> > I am looking for a way to test the computers on my network for weak
> > passwords. For instance, say I have the network (192.168.123.1-254)
> > for company "Tomcat" and I know most people either login as
> > "Administrator" (not the best I know but some battles are not worth
> > fighting) or the convention of LastName + First Initial. I just want
> > to be able to scan the network to make sure people aren't using the
> > company name or a simple derivation of the company name as their
> > password. Therefore, I just want to scan the user names on the network
> > against a small list of passwords like Tomcat, Tomcat1, TomCat,
> > TomCat1, tomcat, tomcat1 and so forth. If people are using the company
> > name as the password I can have them change it. That's all I want.
> >
> > Is there a good (hopefully freeware but doesn't have to be) program
> > out there to help me accomplish this task?
> >
> > Thanks,
> > John
> >
> > ------------------------------------------------------------------------
> > This List Sponsored by: Cenzic
> >
> > Need to secure your web apps?
> > Cenzic Hailstorm finds vulnerabilities fast.
> > Click the link to buy it, try it or download Hailstorm for FREE.
> > http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> > ------------------------------------------------------------------------
> >
> >
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> ------------------------------------------------------------------------
>
>
-- Lee J Lawson leejlawson@gmail.com leejlawson@hushmail.com "Give a man a fire, and he'll be warm for a day; set a man on fire, and he'll be warm for the rest of his life." "Quidquid latine dictum sit, altum sonatur." ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:14 EDT