Wavid
Aug 31 2003, 10:58 PM
How would I go about scanning for NT vulns with any of the scan*.exe series?
I'm guessing you have to scan a certain port, but which is it?
Thanks. Wavid
hulk
Aug 31 2003, 11:08 PM
455 or 3389 are two of them; there is one more I forget.
Wavid
Aug 31 2003, 11:12 PM
So there is not one port to scan for NT?
And will it only return Administrator accounts, or any type of account that is vuln?
Wavid
hulk
Aug 31 2003, 11:14 PM
I guess it's vulnerable from several ports. I scanned port 445 with scan500 and then checked with xscan, but there are not many NT-pass-vulnerable computers around now.
Wavid
Aug 31 2003, 11:25 PM
Is using the scan series the best thing to use to scan NT, or is there a better program?
h3llraz0r
Sep 1 2003, 03:46 AM
ipcscan.exe is the best for NT; search for it and you will find it.
Wave[e]
Sep 1 2003, 02:55 PM
There are 3 ports for NT, correct me if I'm wrong:

-445: this is usually used by large companies
-3389: this is the standard port for NT
-139: this port is used by universities.
And yep, I agree ipscan is the best for NT. I recommend you use version 1.5 or 1.6; I know there's a 2.0 version, but it has a bug with the ipcuser.dic, so you'll get a lot of false results.
Good luck with it.
subcorner
Sep 6 2003, 05:46 PM
ipcscan has a lot of bugs and it crashes too much.
You should use ntscann,
or fxscanner for remote purposes...
ntscann is very great and much more efficient than ipcscan.
And when you have your scanner, don't forget to change your tuples or users for a bigger one.
Sorry for my English, but I don't speak it usually.
RepOne
Sep 8 2003, 06:27 PM
Wave[e], you are right about those being the ports, but you have misunderstood their applications.
Port 139 is the default NetBIOS port. This port allows all three types of authentication commonly accepted by NT (depending on which have been enabled).
Port 445 is the alternative port for the MS SMB service, which also represents file sharing capabilities and accepts share accounts (which have been enabled).
Port 1389 corresponds to the document manager service, which controls remote access to resources such as 'Shared Documents' when remote shares are allowed.
Scanning for port 1389 therefore is most likely to give you results which allow remote logon. If you scan port 139 (the most commonly scanned NT port after port 80) and you brute force an admin password, for example, you MAY face problems when you try to log in remotely if remote sharing is not allowed (you can still complete the login process, but the login is then revoked with the error message 'Network Path Not Found'). Port 445 is just a less commonly allowed port for this service, although it commonly is open even when there are no shares present on the system.
As for scanning tools, scan100.exe, scan500.exe and scan1000.exe shouldn't be in the public domain. I should know, as MaXxX wrote them and he only released them to my group and one other (which wasn't this one).
I recommend using sfind.exe anyway for NT passes and setting the threads at about 250. Then, AFTER you have compiled a list of IPs using sfind.exe, edit out everything but the IPs and use that file as an IP list for IPCscan.exe.
Edvon
Feb 23 2004, 08:35 PM
IPCScan(-gui).exe is only for Win NT and 2k?
What scanner do you use for Win XP (to scan for weak passwords)? I think with Scan1000 this doesn't work, or am I wrong?
Thanks.
muss
Feb 28 2004, 09:36 AM
Hey people. Does anyone have the source code for Sfind or any other program from the scan*.exe family? I've been looking for it for a very long time and I can't find it. Please help me.
dotcom
Feb 29 2004, 07:51 AM
Heheh, sorry RepOne, but those tools by MaXxX are so widespread on so many hundreds of sites (if not thousands) that I think it is funny to hear someone say it's a private tool... maybe in ages past, m8.
DumpZ
Feb 29 2004, 11:14 AM
| QUOTE (Wave[e] @ Sep 1 2003, 02:55 PM) |
There are 3 ports for NT, correct me if I'm wrong:
-445: this is usually used by large companies
-3389: this is the standard port for NT
-139: this port is used by universities.
And yep, I agree ipscan is the best for NT. I recommend you use version 1.5 or 1.6; I know there's a 2.0 version, but it has a bug with the ipcuser.dic, so you'll get a lot of false results.
Good luck with it. |
Well, the 3389 port is the standard MS Terminal Services port; this can be NT/2000/XP/2003, but in Windows XP it's called Remote Desktop. It isn't possible to log in with 2 or more users simultaneously on Windows XP, so if you hack the XP terminal and you log in to it, you'll lock out the current user that's working on that box.
babbacool
Mar 1 2004, 09:31 AM
| CODE |
ipcscan has a lot of bugs and it crashes too much.
You should use ntscann,
or fxscanner for remote purposes...
|
I agree fxscanner works great, but you need a vulnerable IP to install it.