How Does A Ipcshare Scanner Get The Sam File Pass
i am just wondering how does a ipc scanner really work, it tries to connect to the port first then logins with the account its made, would it not be possible to make a scanner that could get each letter by sending different types of bytes back to you and different sequences of bytes means 1 letter, must be some coder out there that can do this
1) ipscan tries to connect on host netbios port
2) reads from user.dic to attempt to login as this user
3) reads from pass.dic to attempt to use this password
this process is called bruteforcing, it doesnt exactly "get the sam file"
could u be more detailed????¿
would it not be possible to make a scanner that could get each letter
could u be more detailed????¿ ok i mean someway or another scan for each letter instead of the full password and username, not scan the full user or password but scan the letters that make them, so if the letter A is in the user name the scanner will show its in there, of course u will need A in your dic files as well but this might have to be a totally different scanner
Yes it's possible. It's called brute forcing but if you're thinking of brute forcing with an IPC scanner then it's almost impossible! It would take like 10 years to brute force an 8 character password. But anyhow, if you wanna try this out then open up the password dictionary file and add to it:
a b c d e f... ...z {X10} Write out the alphabet 10 times in the password text file.
y0 m8 u can add ur own pass and users to the .dic file so where will b more chances that it will guess the pass
btw, y i cant make any new topics :/ "Sorry, you do not have permission to start a topic in this forum" i read the FAQ and user preferences but didnt find the reason.. :/
Bruteforcing NetBios for Windows 98 box was too easy
Bruteforcing Windows 2000 and above ipc accounts should not be said impossible. It's just inevitable. Those determined hackers will of course take all their time to hack a single box. Others choose to hack by the masses. Besides, brute forcing a box is not practical. You have to consider the ping delay between u and the victim, the time taken to make the connections etc.
yes but u cant brute force each letter can you, i go through all the alphabet and then the scanner shows the first letter in the user or password begins with it etc
like 1 out of 26 letters has got to be in the password or like 1 out of 9 digits. lets say the box has the password, SECURITY. what i mean is ok i get the scanner, ive gone through all the letters from A to R and now trying S, would the bruteforce show the letter S is the first letter in the password or would it get confused?
it will take forever to crack the password.
bruteforce attack can only be performed on low security level hash password like NTLM, otherwise, you will die before you get the password. edit: NO you cant do that !!!, you send the ENTIRE password to the server, and it returns false or true, its not a mastermind ^^;;;; (microsoft security and programming method sux, but not like this ^^)
IPCS share is meant to carry out information from a pc anonymously. This information may be of users and many other thingz. So if we are able to get the user names on pc nt/2000/xp then there would be a piece of Code which will bypass the restrictions of ipc. If the perfect c0ders out there and united they make a project then there would be a chance of achieving it.
in order to this plzz contact and expand this topic
Getting the user names list is pretty easy, but what's your "a piece of Code which will bypass the restrictions of ipc"? dictionary attack on each user name is the only way i know to get rights on the remote host.
dickybob, passwords dont work that way
they arent stored as arrays or something... instead of "pwdchar[0], pwdchar[1], pwdchar[2]" and they make up the password, the password is just one big lump. brute forcing is just trying to guess the username and password from a list of commonly used words, but automated, so you dont have to type it in manually. it goes a lot faster... but its still not an efficient, or reliable way of doing it. its also pretty newbie
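Added example, not part of any post in this thread: a small Python model of the point made in the two replies above, that the server checks the whole password as one lump and answers only true or false. The salt, the SHA-256 stand-in for the server's credential check, and all function names are assumptions made for illustration; this is not the Windows scheme.

```python
import hashlib
import hmac

# Constructed demo values; SHA-256 with a fixed salt stands in for the
# server's real credential check (assumption, not the Windows scheme).
SALT = b"constructed-demo-salt"
REAL_PASSWORD = "SECURITY"  # the example password used in the thread


def digest(password: str) -> bytes:
    """Hash the whole password as one unit, never character by character."""
    return hashlib.sha256(SALT + password.encode("utf-8")).digest()


STORED = digest(REAL_PASSWORD)  # the only thing the server keeps


def login(candidate: str) -> bool:
    """The only answer a client ever sees: True or False for the full string."""
    return hmac.compare_digest(digest(candidate), STORED)


def differing_bits(a: bytes, b: bytes) -> int:
    """Count the bits that differ between two equal-length digests."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def prefix_feedback() -> list[tuple[str, bool, int]]:
    """Try guesses sharing 0..7 leading characters with the real password.

    Returns (guess, login_result, bits_differing_from_stored_digest).
    """
    rows = []
    for k in range(len(REAL_PASSWORD)):
        guess = REAL_PASSWORD[:k] + "x" * (len(REAL_PASSWORD) - k)
        rows.append((guess, login(guess), differing_bits(digest(guess), STORED)))
    return rows


if __name__ == "__main__":
    for guess, ok, bits in prefix_feedback():
        print(f"{guess!r:12} login={ok!s:5} digest bits differing={bits}/256")
    print(f"{REAL_PASSWORD!r:12} login={login(REAL_PASSWORD)}")
```

A guess that shares seven leading characters with the real password gets the same False as one that shares none, and its digest differs from the stored one in about half of its bits either way, so there is no per-letter signal for a scanner to read.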
just as a matter of interest i have a RAS adapter, but cain does not support RAS only ethernet. i have an ICS client (over network) with cain on it so would i be able to send all data from the RAS adapter to the ICS client so cain can then sniff that data (using the ICS clients network adapter)
ive looked at port redirectors but some seem to error when i try to use useful ports like 445 (netbios) any ideas??? if so that would be a cheap way of using cain with a modem to sniff lm hashes
multithread attacking help a bit