Re: SMB Brute Force

From: <kdillard(at)prismnet.com>
Date: Tue Mar 25 2003 - 14:22:53 EST

('binary' encoding is not supported, stored as-is)
In-Reply-To: <20030324231336.6755.qmail@www.securityfocus.com>

What are you trying to accomplish? Are you trying to break into somebody else's system or are you trying to audit password complexity on systems that you manage? If its the former than this is probably the wrong place for you to look for help. If its the latter then there are much better approaches than trying to connect to network shares via SMB. There are commercial and freeware tools for doublechecking passwords locally, its much faster to copy the SAM account database and perform this type of check locally than to try to do it over the network.

Additionally, if this is what you are trying to accomplish than why would a dictionary check be unacceptable? The only reason I can imagine anyone wanting to use a brute force password attack over the network is because they are trying to gain unauthorized access to systems they don't own.

If you are trying to hack remote machines CIFS may be a better protocol to use than SMB, and there are a handful of attack tools on the net that do what you want. If you want to write your own every Win32 programming language includes libraries for connecting to CIFS and SMB. You could even do it using a shell script, start with the NET USE command and go from there.

>SMB Brute Force Utility
didn't
>work.. or at least I couldn't get it to work with win2000 smb shares.

---

Get serious about enterprise anti-spam management. SurfControl E-mail Filter for SMTP & Exchange leverages multiple layers of technology to defeat spam with accuracy. Download a free 30-day trial: http://www.surfcontrol.com/go/zsfmsl1 Received on Wed Mar 26 14:11:11 2003