Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: FW: Hydra or network logon cracker for Windows?

from [Brian Loe] Network Security [Permanent Link]
Subject: Re: FW: Hydra or network logon cracker for Windows?
Date: Wed, 25 Oct 2006 12:51:57 -0500 
More simply, on a windows network, why not inforce difficult password rules?

On 10/24/06, Chris Grieger <grieger.c@googlemail.com> wrote: 
Couldn't you just Nmap your whole Network and dump the IP's of the Windows
Machines into a file which you feed into the ENUM.exe via batch(or a small c
application)?

Regards,
Chris

2006/10/24, Mister Dookie <misterdookie@gmail.com>:
> Hello,
>
> Brutus, Cain & Abel, nor John The Ripper really qualify here. ENUM
> works really well on a single computer (as does NET USE) but iterating
> through a network of 150-200 computers with even a small password list
> (say 25-40) would take forever, especially if IPs are dynamic so you
> have to suffer through LIXUX/UNIX/APPLE machines on the network.

<SNIP>

> > I use NetBrute as my bruteforce program of choice in a Windows environment.
> > By providing the IP address and a network share on the computer (such as
> > IPC$ or C$, etc.), you can dictate whether the program uses a dictionary
> > attack (based upon a word list in a text file) or a brute force attack.
> > Given that, if I were to test for your list of passwords on my network, I
> > would just create a wordlist with the same structure as the defaults that
> > come with the program, and just have it contain those words.
> >
> > Really, though, on a Windows network, you don't even have to use a password
> > cracker to test for those passwords.  You can just as simply use the Net Use
> > command from the command line, script it in a batch file to iterate through
> > your possible passwords, and have it dump the output of a plain Net Use
> > command into a text file for each user.  If it mapped the share, then
> > they're using one of those passwords.
> >


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Verifying E-Mail Addresses, Jimmie Jones
Next by Date:  RE: Verifying E-Mail Addresses, Weir, Jason
Previous by Thread:  Re: FW: Hydra or network logon cracker for Windows?, Chris Grieger
Next by Thread:  FW: Hydra or network logon cracker for Windows?, Isaac Van Name
Indexes:  [Date] [Thread] [Top] [All Lists]