extreme
Mar 24 2004, 04:47 PM
I have recently bumped into an RPC exploit version that doesn't leave logs while attempting to scan and get into a machine. So I was wondering if there is a bruteforce cracker for NT passes which doesn't leave logs?
willywutz
Mar 24 2004, 05:52 PM
Enum+ is an NTPass bruteforcer (often discussed on this forum).
If you found the right password you can use tools to delete eventlogger entries,
because you have full control of the machine (supposing you bruteforced the admin account).
But if not, all the failed tries are logged.
On the other hand, I saw a lot of misconfigured machines; they don't log successful or failed logins.
So I think a bruteforcer that directly deletes log entries isn't necessary.
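The post above turns on whether failed and successful logons are audited, which is also what a defender has to work with. As an added example that is not part of the original thread, this Python sketch flags a burst of failed logons from one source, a successful logon from that source afterwards, and an audit-log-cleared event; the log line format, threshold and sample events are constructed, and 4625/4624/1102 are the current Windows Security log event IDs.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Current Windows Security event IDs (legacy NT/2000/XP used 529, 528 and 517).
FAILED_LOGON, LOGON_OK, LOG_CLEARED = 4625, 4624, 1102

# Constructed sample export, one event per line: "timestamp event_id account source".
SAMPLE = """\
2024-03-24T16:47:01 4625 Administrator 10.0.0.5
2024-03-24T16:47:02 4625 Administrator 10.0.0.5
2024-03-24T16:47:03 4625 Administrator 10.0.0.5
2024-03-24T16:47:04 4625 jsmith 10.0.0.9
2024-03-24T16:47:05 4625 Administrator 10.0.0.5
2024-03-24T16:47:06 4625 Administrator 10.0.0.5
2024-03-24T16:47:15 4624 jsmith 10.0.0.9
2024-03-24T16:47:30 4624 Administrator 10.0.0.5
2024-03-24T16:48:05 1102 Administrator -
"""

def detect(lines, threshold=5, window=timedelta(seconds=60)):
    """Return alerts as (kind, timestamp, detail) tuples, in log order."""
    alerts = []
    recent = defaultdict(deque)  # source -> timestamps of failures inside the window
    suspects = set()             # sources that have crossed the threshold
    for line in lines:
        if not line.strip():
            continue
        ts_s, eid_s, account, source = line.split()
        ts, eid = datetime.fromisoformat(ts_s), int(eid_s)
        if eid == FAILED_LOGON:
            q = recent[source]
            q.append(ts)
            while ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and source not in suspects:
                suspects.add(source)
                alerts.append(("password-guessing", ts, source))
        elif eid == LOGON_OK and source in suspects:
            # A success right after a guessing burst is the high-priority case.
            alerts.append(("logon-after-guessing", ts, f"{account} from {source}"))
        elif eid == LOG_CLEARED:
            # Clearing the Security log is itself recorded and worth alerting on.
            alerts.append(("audit-log-cleared", ts, account))
    return alerts

if __name__ == "__main__":
    for kind, ts, detail in detect(SAMPLE.splitlines()):
        print(ts.isoformat(), kind, detail)
```

None of these alerts can fire on a machine where logon auditing is switched off, so the audit policy itself needs checking, and events should be forwarded off the host so a local clear does not remove them.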
pdf
Mar 24 2004, 06:30 PM
I wonder how to make it in VB! (bruteforce ntpass)
Any ideas?
predx
Mar 24 2004, 06:56 PM
I'm not sure, but check out WMI NT password cracking...
w0bbes
Mar 24 2004, 07:00 PM
Hmm, it's weird though, leaving no logs at all. Any links around?
yuliang11
Mar 26 2004, 01:04 AM
QUOTE
I wonder how to make it in VB! (bruteforce ntpass)
Any ideas?

There's a netbios API below, where you can connect to netbios, and then you can put some brute forcing algorithm on it. Cheers.
Private Declare Function WNetAddConnection2 Lib "mpr.dll" Alias "WNetAddConnection2A" (lpNetResource As NETRESOURCE, ByVal lpPassword As String, ByVal lpUsername As String, ByVal dwFlags As Long) As Long
Private Declare Function WNetCancelConnection2 Lib "mpr.dll" Alias "WNetCancelConnection2A" (ByVal lpName As String, ByVal dwFlags As Long, ByVal fForce As Long) As Long
Private Declare Function WNetGetUser Lib "mpr.dll" Alias "WNetGetUserA" (ByVal lpName As String, ByVal lpUsername As String, lpnLength As Long) As Long
Private Declare Function WNetGetConnection Lib "mpr.dll" Alias "WNetGetConnectionA" (ByVal lpszLocalName As String, ByVal lpszRemoteName As String, cbRemoteName As Long) As Long
Private Declare Function WNetConnectionDialog Lib "mpr.dll" (ByVal hwnd As Long, ByVal dwType As Long) As Long
Private Declare Function WNetDisconnectDialog Lib "mpr.dll" (ByVal hwnd As Long, ByVal dwType As Long) As Long
strohunter
Mar 29 2004, 06:51 PM
ipcscan uses this API