Re: SMB Brute Force

From: kdillard@prismnet.com
Date: 03/25/03

    Date: 25 Mar 2003 19:22:53 -0000
    From: <kdillard@prismnet.com>
    To: focus-ms@securityfocus.com
    
    
    In-Reply-To: <20030324231336.6755.qmail@www.securityfocus.com>

    What are you trying to accomplish? Are you trying to break into somebody
    else's system or are you trying to audit password complexity on systems
    that you manage? If it's the former then this is probably the wrong place
    for you to look for help. If it's the latter then there are much better
    approaches than trying to connect to network shares via SMB. There are
    commercial and freeware tools for double-checking passwords locally; it's
    much faster to copy the SAM account database and perform this type of
    check locally than to try to do it over the network.

    Additionally, if this is what you are trying to accomplish then why would
    a dictionary check be unacceptable? The only reason I can imagine anyone
    wanting to use a brute force password attack over the network is because
    they are trying to gain unauthorized access to systems they don't own.

    If you are trying to hack remote machines, CIFS may be a better protocol to
    use than SMB, and there are a handful of attack tools on the net that do
    what you want. If you want to write your own, every Win32 programming
    language includes libraries for connecting to CIFS and SMB. You could even
    do it using a shell script; start with the NET USE command and go from
    there.

    >SMB Brute Force Utility
    >
    >I have searched the internet AND all of these forums but I haven't found
    >what I'm looking for. I found Brutus, but the SMB part in that prog didn't
    >work.. or at least I couldn't get it to work with win2000 smb shares.
    >
    >I figured I could write myself my own brute force program, but then I
    >realized I couldn't find any info on how to connect to smb shares via a
    >programming language or any dlls.
    >
    >By the way... when I say brute force, I mean brute force - not dictionary
    >attacks. And also, I use Windows 2000... but I have access to a RH
    >8.0/Debian 3.0 comp. if needed for a util.
    >
    >Anyone got any ideas on utilities or some other ideas?
    >
