From: kim kihong (mao0524@hotmail.com)
Date: Tue Oct 24 2006 - 20:37:11 EDT
enum is very simple!
(http://www.bindview.com/Resources/RAZOR/Files/enum.tar.gz)
If you download it and you compile on Visual studio,
you have to add links "Netapi32.lib Mpr.lib" into <Project-Settings> Menu.
:)
You also create script(.bat or .cmd...) as following,
C:\cmdtools\enum\Release>enum -D -u kyo0n6 -f password.lst 10.10.10.10
username: kyo0n6
dictfile: password.lst
server: 10.10.10.10
(1) kyo0n6 | 12345
return 1326, logon failed:...
(2) kyo0n6 | abc123
return 1326, logon failed:...(3) kyo0n6 | password
return 1326, logon failed:...(4) kyo0n6 | abcd123
password found: abcd337
C:\cmdtools\enum\Release>
Kihong Kim CERT
/SAMSUNG Information Security Center
[¢Ï] 82-2-728-4603 (Time. GMT+9)
[¢Î] 82-10-3126-5364
[e-mail] kihong_kim@samsung.com
>From: "h0W@rD Sh33n" <flee74@gmail.com>
>To: "'Mister Dookie'" <misterdookie@gmail.com>
>CC: <pen-test@securityfocus.com>
>Subject: RE: Hydra For Windows?
>Date: Wed, 25 Oct 2006 08:29:55 -0700
>
>Hydra 4 Win32
>-> http://thc.segfault.net/thc-hydra/
>
>Anyway...as a business-majored pen-tester -_-^
>I would use excel and make script(.bat file???) like below..LOL
>
>net use \\192.168.123.1\IPC$ Tomcat /user:Administrator
>net use \\192.168.123.2\IPC$ Tomcat /user:Administrator
>net use \\192.168.123.3\IPC$ Tomcat /user:Administrator
>net use \\192.168.123.4\IPC$ Tomcat /user:Administrator
>.
>.
>.
>
>
>Just 4 fun..never mind...
>Cheers!
>-----Original Message-----
>From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On
>Behalf Of Mister Dookie
>Sent: Monday, October 23, 2006 8:56 AM
>To: pen-test@securityfocus.com
>Subject: Hydra For Windows?
>
>Hello list,
>
>I am looking for a way to test the computers on my network for weak
>passwords. For instance, say I have the network (192.168.123.1-254)
>for company "Tomcat" and I know most people either login as
>"Administrator" (not the best I know but some battles are not worth
>fighting) or the convention of LastName + First Initial. I just want
>to be able to scan the network to make sure people aren't using the
>company name or a simple derivation of the company name as their
>password. Therefore, I just want to scan the user names on the network
>against a small list of passwords like Tomcat, Tomcat1, TomCat,
>TomCat1, tomcat, tomcat1 and so forth. If people are using the company
>name as the password I can have them change it. That's all I want.
>
>Is there a good (hopefully freeware but doesn't have to be) program
>out there to help me accomplish this task?
>
>Thanks,
>John
>
>------------------------------------------------------------------------
>This List Sponsored by: Cenzic
>
>Need to secure your web apps?
>Cenzic Hailstorm finds vulnerabilities fast.
>Click the link to buy it, try it or download Hailstorm for FREE.
>http://www.cenzic.com/products_services/download_hailstorm.php?camp=70160000
>0008bOW
>------------------------------------------------------------------------
>
>
>------------------------------------------------------------------------
>This List Sponsored by: Cenzic
>
>Need to secure your web apps?
>Cenzic Hailstorm finds vulnerabilities fast.
>Click the link to buy it, try it or download Hailstorm for FREE.
>http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
>------------------------------------------------------------------------
>
_________________________________________________________________
È®ÀÎÇÏÀÚ. ¿À´ÃÀÇ ¿î¼¼ ¹«·á »çÁÖ, ±ÃÇÕ, ÀÛ¸í, Àü»ý °¡À̵å
http://www.msn.co.kr/fortune/default.asp
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:14 EDT