The easy way to do it (although not multithreaded, or fast) would be to use nbtdump in conjunction with a little bat/sh script looping all addresses.

I.e.: nbtdump $1, then simply cat *.html | grep "password is"
Or the Windows equiv of grep (or just use Windows search/contains).

Nbtdump will attempt to connect to null shares and check for user/"", user/user and user/password. Handy, but it often fails on matching some accounts and isn't really that fast.

Nbtdump is on Foundstone, originally made by David Litchfield (www.cerberus-infosec.co.uk)

Hope this helps some..

-----Original Message-----
From: Jason [mailto:cisspstudyat_private]
Sent: Friday, July 12, 2002 1:51 PM
To: pen-testat_private
Subject: Scanning for blank admin passwords on a windows box

I am looking for a fast multithreaded tool that can scan a range of IP addresses and look for blank administrator (or other user accounts) passwords on a Windows NT/2000 server. If it can also try the username as password, server name as password that would also be nice.

Doing blank password scanning using the following command line syntax is driving me crazy!

FOR /L %i IN (1,1,254) DO net use \\XX.XX.XX.%i\IPC$ "" /u:Administrator

Any help appreciated.

Jason

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Sat Jul 13 2002 - 10:25:04 PDT