Re: Pentesting Network Share Access via wireless

From: Dean De Beer (dean@indigodark.com)
Date: Sun Jan 01 2006 - 19:52:24 EST


Download and install Enum on your computer. It will enumerate user
lists, share lists, LSA Config, Pswd policy, etc... using a null session.

Use the -D flag for basic dictionary attacks across the network. You
will need a dictionary file. Google can help you find one.

At the cmd prompt type:

enum -D -u [username] -f [dictionary file] [remote/target ip]

Also, in WinXP the RestrictAnonymous Registry key default value is 0
but this may have been changed locally or via Group Policy to prevent
Null Sessions.

Use:

net use \\ipaddress or hostname\ipc$ "" /u:""

If you can establish a session then you can use Enum. Don't forget to
drop the session before using Enum.

Good luck,

-Dean

> -----Original Message-----
> From: sherwyn williams [mailto:s-williams@nyc.rr.com]
> Sent: Saturday, December 31, 2005 8:11 AM
> To: pen-test@securityfocus.com
> Subject: Pentesting Network Share Access via wireless
>
> Hi All, While doing a pen-test on a wireless network, I noticed
> that the router was not configured properly, and was giving out IP
> addresses to everyone. Now after noticing all the host PCs on the
> network with nmap -sP, my question is: if I don't know the passwords
> for any of the hosts, what is the best way to do a dictionary attempt
> on the guest or administrator accounts? All the internal hosts are
> Windows XP.
>
> Thanks in advance, all help is welcomed.
>
>
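
The RestrictAnonymous setting mentioned in the reply can be checked from the defending side. The PowerShell below is an added example, not part of the original post; it assumes it is run locally on the host being audited, and the related values it reads besides RestrictAnonymous are not named in the post.

```powershell
# Added example, not from the original post. Read-only: reports the registry
# values that control null-session (anonymous) access on the local host.
$lsa    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$server = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or the value is absent instead of throwing.
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($null -eq $props -or $null -eq $props.PSObject.Properties[$Name]) { return $null }
    return $props.$Name
}

function Test-Setting {
    param([string]$Path, [string]$Name, [scriptblock]$IsRestricted, [string]$Risk)
    $value = Get-RegValue -Path $Path -Name $Name
    [pscustomobject]@{
        Setting    = $Name
        Value      = if ($null -eq $value) { '(not set / empty)' } else { @($value) -join ',' }
        Restricted = [bool](& $IsRestricted $value)
        RiskIfNot  = $Risk
    }
}

# An empty multi-string list means no pipe or share is exempt from the restriction.
$isEmptyList = { param($v) @($v | Where-Object { $_ }).Count -eq 0 }

$results = @(
    Test-Setting $lsa 'RestrictAnonymous' { param($v) $null -ne $v -and $v -ge 1 } `
        'null sessions can enumerate accounts and shares'
    Test-Setting $lsa 'RestrictAnonymousSAM' { param($v) $v -eq 1 } `
        'null sessions can enumerate SAM accounts'
    Test-Setting $lsa 'EveryoneIncludesAnonymous' { param($v) $null -eq $v -or $v -eq 0 } `
        'anonymous callers receive Everyone permissions'
    # Assumption: require the explicit value 1 rather than trusting the default.
    Test-Setting $server 'RestrictNullSessAccess' { param($v) $v -eq 1 } `
        'anonymous access is not limited to the listed pipes and shares'
    Test-Setting $server 'NullSessionPipes' $isEmptyList 'listed pipes accept null sessions'
    Test-Setting $server 'NullSessionShares' $isEmptyList 'listed shares accept null sessions'
)

$results | Format-Table -AutoSize -Wrap
$open = @($results | Where-Object { -not $_.Restricted })
if ($open.Count -gt 0) {
    $names = ($open | ForEach-Object { $_.Setting }) -join ', '
    Write-Output ("{0} setting(s) leave anonymous access open: {1}" -f $open.Count, $names)
} else {
    Write-Output 'All checked settings restrict anonymous access.'
}
```
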

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:18 EDT