hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
GovernmentSecurity.org > System Security > Windows Systems
ZoraX
Dec 17 2004, 12:14 PM
I got some new pc's in my network, and i done some security testing on them.

1. Portscanned and see if any exploitable ports where open
2. Tryd sql and nt pass scanning whit a large dictionary file.

So far so good, had to change the admin pass on one of em, thats all.

But what i want to do now is to try to bruteforce the nt\sql pass, but i cant find any tools that work 100%, anybody know any?
There must be some cus i had a pc in the network hacked for some months ago, it had only a 5 char long pass, but was only numbers and letters.
Maybe its private?

And is there anything else i should check on them?
belgther
Dec 17 2004, 12:22 PM
well, google for bruteforcing tools. but don't forget that most servers will suspend your ip after trying a certain number of passwords...
beardednose
Dec 17 2004, 03:58 PM
hATE TO Say it, but you need nessus.

Also recommend xscan (free) and if Windows, run good ole mbsa, which picks up other stuff some scanners don't. (When I hack a Windows machine, I always run mbsa on it (which requires admin access) cuz it tells you all kinds of good stuff).

Typically, I run multiple scanners and checkers against my boxes as each one looks at the box a bit differently.

See my answer to the nessus server thread for suggestions: http://www.governmentsecurity.org/forum/in...t=0#entry103763
ZoraX
Dec 17 2004, 05:46 PM
Thnx for the answers smile.gif
Can anybody recommend me a ipc bruteforcer?
reiTan
Dec 20 2004, 09:21 AM
QUOTE(ZoraX @ Dec 17 2004, 12:46 PM)
Thnx for the answers smile.gif
Can anybody recommend me a ipc bruteforcer?
*

These tools only support dictionary attacks but i've tested them and they work.
Windows IPC in General - NTscan, X-scan

Windows 98 shares only - Pqwak2, XIntruder

I don't have to sites handy but google is ur friend.
Zonko
Dec 20 2004, 11:51 AM
I'm not sure if this is the sort of password cracker you mean, but LC5 always worked well for me.
Digital_Spirit
Dec 20 2004, 12:29 PM
Cain and Abel is a good program. You can find it here:
http://oxid.it blink.gif
ZoraX
Dec 22 2004, 02:54 PM
will be to mutch work to go and get hashes of the pc's. so i want to do it from my workstation, so what im looking for is a program like ipcscan, that tests passwords over the network, but ipcscan uses a dictonary, i want one that try to bruteforce the pc.

Anybody know any working ones, found one posted here, but it dident work.
Did some googleing but dident find any usefull exe's sad.gif
NuKer
Dec 27 2004, 11:16 PM
QUOTE(reiTan @ Dec 20 2004, 09:21 AM)
QUOTE(ZoraX @ Dec 17 2004, 12:46 PM)
Thnx for the answers smile.gif
Can anybody recommend me a ipc bruteforcer?
*

These tools only support dictionary attacks but i've tested them and they work.
Windows IPC in General - NTscan, X-scan

Windows 98 shares only - Pqwak2, XIntruder

I don't have to sites handy but google is ur friend.
*



for ntscan.exe and other scanning tools check this link out:
hxxp://home.hccnet.nl/m3ssi4h.rul3z/

also some sql bruting applications.

cheers nuke.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.