Re: Pentesting Network Share Access via wireless





Download and install Enum on your computer. It will enumerate user
lists, share lists, LSA Config, Pswd policy, etc... using a null session.

Use the -D flag for basic dictionary attacks across the network. You
will need a dictionary file. Google can help you find one.

At the cmd prompt type:

enum -D -u [username] -f [dictionary file] [remote/target ip]

Also, in WinXP the RestrictAnonymous Registry key default value is 0
but this may have been changed locally or via Group Policy to prevent
Null Sessions.

Use:

net use \\ipaddress or hostname\ipc$ "" /u:""

If you can establish a session then you can use Enum. Don't forget to
drop the session before using Enum.

good luck,

-Dean

>
>
> -----Original Message-----
> From: sherwyn williams [mailto:s-williams@xxxxxxxxxx]
> Sent: Saturday, December 31, 2005 8:11 AM
> To: pen-test@xxxxxxxxxxxxxxxxx
> Subject: Pentesting Network Share Access via wireless
>
>
> Hi All, While doing a pen-test on a wireless network, I noticed
> that the router was not configured properly, and was giving out IP
> addresses to everyone. Now after noticing all the host PCs on the
> network with nmap -sP, my question is: if I don't know the passwords
> for any of the hosts, what is the best way to do a dictionary attempt
> on the guest or administrator accounts? All the internal hosts are
> Windows XP.
>
> Thanks in advance, all help is welcomed.
>
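
A defender-side check for the RestrictAnonymous setting mentioned in the reply above, as an added example that is not part of the original thread: a read-only PowerShell audit, run locally on the Windows host, of the registry values that govern anonymous (null session) access. Only RestrictAnonymous is named in the post; the other value names and the hardened settings listed are assumptions added here from standard Windows configuration.

```powershell
# Added example (not from the original post): read-only audit of the registry
# values that control anonymous (null session) access on a Windows host.
$lsa    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$server = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

# Each check: registry key, value name, hardened setting, and a test for it.
# Only RestrictAnonymous comes from the post; the rest are added assumptions.
$checks = @(
    @{ Path = $lsa;    Name = 'RestrictAnonymous';         Want = '>= 1'
       Ok = { param($v) $v -ge 1 } },
    @{ Path = $lsa;    Name = 'RestrictAnonymousSAM';      Want = '1'
       Ok = { param($v) $v -eq 1 } },
    @{ Path = $lsa;    Name = 'EveryoneIncludesAnonymous'; Want = '0'
       Ok = { param($v) $v -eq 0 } },
    @{ Path = $server; Name = 'RestrictNullSessAccess';    Want = '1'
       Ok = { param($v) $v -eq 1 } },
    # REG_MULTI_SZ: any non-empty entry is a share reachable without credentials.
    @{ Path = $server; Name = 'NullSessionShares';         Want = 'empty'
       Ok = { param($v) -not ($v | Where-Object { $_ }) } }
)

$results = foreach ($c in $checks) {
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Value absent: the OS default applies, so flag it for manual review.
        $value  = $null
        $status = 'NOT SET'
    } else {
        $value  = $item.($c.Name)
        $status = if (& $c.Ok $value) { 'OK' } else { 'WEAK' }
    }
    New-Object PSObject -Property @{
        Setting  = $c.Name
        Value    = ($value -join ',')
        Hardened = $c.Want
        Status   = $status
    }
}

# One row per setting; WEAK rows are the ones that permit null-session enumeration.
$results | Select-Object Setting, Value, Hardened, Status | Format-Table -AutoSize
```

A value configured through Group Policy shows up in the same registry locations, so the output reflects the effective setting regardless of how it was applied.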


