I got some new pc's in my network, and i done some security testing on them.
1. Portscanned and see if any exploitable ports where open
2. Tryd sql and nt pass scanning whit a large dictionary file.
So far so good, had to change the admin pass on one of em, thats all.
But what i want to do now is to try to bruteforce the nt\sql pass, but i cant find any tools that work 100%, anybody know any?
There must be some cus i had a pc in the network hacked for some months ago, it had only a 5 char long pass, but was only numbers and letters.
Maybe its private?
And is there anything else i should check on them?
Full Version: Testing My Network For Security Holes
well, google for bruteforcing tools. but don't forget that most servers will suspend your ip after trying a certain number of passwords...
hATE TO Say it, but you need nessus.
Also recommend xscan (free) and if Windows, run good ole mbsa, which picks up other stuff some scanners don't. (When I hack a Windows machine, I always run mbsa on it (which requires admin access) cuz it tells you all kinds of good stuff).
Typically, I run multiple scanners and checkers against my boxes as each one looks at the box a bit differently.
See my answer to the nessus server thread for suggestions: http://www.governmentsecurity.org/forum/in...t=0#entry103763
Also recommend xscan (free) and if Windows, run good ole mbsa, which picks up other stuff some scanners don't. (When I hack a Windows machine, I always run mbsa on it (which requires admin access) cuz it tells you all kinds of good stuff).
Typically, I run multiple scanners and checkers against my boxes as each one looks at the box a bit differently.
See my answer to the nessus server thread for suggestions: http://www.governmentsecurity.org/forum/in...t=0#entry103763
Thnx for the answers 
Can anybody recommend me a ipc bruteforcer?
Can anybody recommend me a ipc bruteforcer?
QUOTE(ZoraX @ Dec 17 2004, 12:46 PM)
Thnx for the answers
Can anybody recommend me a ipc bruteforcer?
These tools only support dictionary attacks but i've tested them and they work.Can anybody recommend me a ipc bruteforcer?
Windows IPC in General - NTscan, X-scan
Windows 98 shares only - Pqwak2, XIntruder
I don't have to sites handy but google is ur friend.
I'm not sure if this is the sort of password cracker you mean, but LC5 always worked well for me.
will be to mutch work to go and get hashes of the pc's. so i want to do it from my workstation, so what im looking for is a program like ipcscan, that tests passwords over the network, but ipcscan uses a dictonary, i want one that try to bruteforce the pc.
Anybody know any working ones, found one posted here, but it dident work.
Did some googleing but dident find any usefull exe's
Anybody know any working ones, found one posted here, but it dident work.
Did some googleing but dident find any usefull exe's
QUOTE(reiTan @ Dec 20 2004, 09:21 AM)
QUOTE(ZoraX @ Dec 17 2004, 12:46 PM)
Thnx for the answers
Can anybody recommend me a ipc bruteforcer?
These tools only support dictionary attacks but i've tested them and they work.Can anybody recommend me a ipc bruteforcer?
Windows IPC in General - NTscan, X-scan
Windows 98 shares only - Pqwak2, XIntruder
I don't have to sites handy but google is ur friend.
for ntscan.exe and other scanning tools check this link out:
hxxp://home.hccnet.nl/m3ssi4h.rul3z/
also some sql bruting applications.
cheers nuke.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
