Re: Nessus question

From: Mike (foor_at_bar.com)
Date: 05/28/03

  • Next message: Szymon Miotk: "Re: what do you think?"
    Date: 28 May 2003 07:09:32 GMT
    
    

    spro1@uic.edu (Sam Pro) wrote in news:fb97d86e.0305271830.9631769
    @posting.google.com:

    > enumerate netBIOS accounts and then use a dictionary attack against
    >

    And what about account lockout? You're using account lockout, aren't you? ;-)

    Try enum; it is a DOS (not DoS!) command-line tool that can do the job much
    more nicely than any other tools I know. You can even script it.

    Another solution would be to dump the SAM of all the machines (for example
    using pwdump3) and do an offline password cracking session. Our tool
    'Lepton's Crack' (http://usuarios.lycos.es/reinob/) will do a more than
    better job discovering empty passwords and dictionary words (you provide
    your own dictionary).

    Cheers,

    -- 
    Nekromancer
    "The level of knowledge acquired is
    inversely proportional to the temperature of the coffee"
    
