RE: Using smbbf

From: Michael Gargiullo (mgargiullo@pvtpt.com)
Date: Fri Sep 30 2005 - 09:31:07 EDT


-----Original Message-----
From: dissolved@comcast.net [mailto:dissolved@comcast.net]
Sent: Wednesday, September 28, 2005 2:06 PM
To: pen-test@securityfocus.com
Subject: Using smbbf

Hi, I'm trying to password audit a windows 2000 machine across the network.
I'm using smbbf to do this (windows version). Here is the issue I am having:

The syntax I'm using is:

Smbbf -i 192.168.2.10 -u userlist.txt -p passwords.txt -v

This appears to do a dictionary attack, when I really wanted to do a brute
force. I already know the passwords on the target machine, and they are not
dictionary words.

Is there a way to make smbbf use every keystroke, instead of reading from a
password file like I have done above? If not, can someone recommend a free
tool that can accomplish this?
 
Thanks
dissolved

------------------------------------------------------------------------
May I ask why you're trying to brute force the passwords if you already
know them?
If the goal is to test the length of time it would take to crack the
passwords, use pwdump to grab the SAM, and run it through John the
Ripper or LC5.  Hell, LC5 utilizing a full rainbow tables set will crack
99.99% of all passwords in just a few hours.  Granted, a full rainbow
table set is over 50Gb.
-Mike


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:01 EDT