If the server is also running IIS then you could use the techniques outlined by David Litchfield in his post on 5th March 2002 - Considerations for IIS Authentication. If you expand upon the techniques outlined in the post (below) and follow the error messages you can ascertain what accounts are on the system. Tested and it works for me... GET / HTTP/1.1 Host: iis-server Authorization: Basic cTFraTk6ZDA5a2xt If the server responds with a 401 Access Denied response then Basic auth is enabled. If the server responds with a 200 OK then this means one of two things - the server does not support Basic auth (the most likely) or there is a system account on the server called "q1ki9" with a password of "d09klm" (most unlikely!). More information look at the orginal post: http://www.nextgenss.com/advisories/iisauth.txt ************************************************************* Advanced Hands-On Security in the Arabic Gulf DefensiveHacking and DefensiveForensics, Qatar January 2003 www.securityassoc.com/DefensiveCourse.pdf ************************************************************* Thanks Susan Chan Lee Security Associates - Singapore -----Original Message----- From: Ozan Gonenc [mailto:ogonencat_private] Sent: Saturday, November 30, 2002 3:52 AM To: 'Deus, Attonbitus'; 'visigoth'; 'Robert E. Lee' Cc: 'Joe Luna'; pen-testat_private Subject: RE: Terminal Server brute force This utility helps automate manual login/password attempts. Works pretty well for dictionary type attacks. It's a bit slow, especially when you have two clients going at the same time. tscrack 2.0.37 Dictionary Based Windows Terminal Services Cracker Something to keep you busy until TSGrinder comes out. ______________________________ Ozan Gonenc IT Security Specialist AEPOS Technologies Corporation http://www.aepos.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Thu Dec 19 2002 - 19:39:44 PST