EvilZone

Hacking and Security => Hacking and Security => : m0l0ko November 17, 2012, 02:49:51 PM

: Brute forcing a Windows share
: m0l0ko November 17, 2012, 02:49:51 PM

My brother has a shared folder that requires a password on the LAN. Hes running a Windows 8. I want to see if I can get into it without asking him for the password. First thing I'll try is brute forcing. Is there a program I can use to do a dictionary or brute force attack on a Windows share? Preferably a program for linux.

: Re: Brute forcing a Windows share
: RedBullAddicted November 17, 2012, 03:28:47 PM

Hi,

you can have a look at metasploit
http://www.offensive-security.com/metasploit-unleashed/SMB_SMB_Login

If you want to get some deeper knowledge you can read this one:
http://www.skullsecurity.org/blog/2009/bruteforcing-windows-tips-and-tricks

Here is a python script I found with a quick google search:
http://code.google.com/p/patator/

But I would recommend (for best learning experience) to write your own tool. Go and capture the traffic produced during a log on attempt. If you want to keep it as easy as possible you should have a look at scapy:
http://www.secdev.org/projects/scapy/doc/usage.html#interactive-tutorial

Hope this helps :)
Cheers,
RBA

: Re: Brute forcing a Windows share
: Kulverstukas November 17, 2012, 06:03:40 PM

I have done a video in my language, some long time ago, showing how to accomplish that (given the best conditions). I utilized Medusa with SMB plugins to bruteforce into the shares and samba - a linux util to browse around.
http://9v.lt/blog/hacking-smb-the-linux-way/

Can't find that post on Evilzone, maybe I didn't post it...?

: Re: Brute forcing a Windows share
: proxx November 17, 2012, 07:50:36 PM

SMB really hates bruteforcing.
Crashes etc are not uncommon.

But as long as there are no xploits this seems like the right approach.

: Re: Brute forcing a Windows share
: s3my0n November 18, 2012, 09:31:36 AM

Try pass the hash attack. Google it, metasploit can automate it I think.

: Re: Brute forcing a Windows share
: proxx November 18, 2012, 10:28:29 AM

Thats what I was thinking ^ :)


Or a different approach;
There are many many java exploits last weeks.
Good chance he hasnt updated, just pop his box, do some ARP or DNS spoofing > Java exploit and get yourself a shell.
? this is evilzone right ?

: Re: Brute forcing a Windows share
: iTpHo3NiX November 18, 2012, 09:17:40 PM

: Kulverstukas  November 17, 2012, 06:03:40 PM

I have done a video in my language, some long time ago, showing how to accomplish that (given the best conditions). I utilized Medusa with SMB plugins to bruteforce into the shares and samba - a linux util to browse around.
http://9v.lt/blog/hacking-smb-the-linux-way/ (http://9v.lt/blog/hacking-smb-the-linux-way/)

Can't find that post on Evilzone, maybe I didn't post it...?

Shameless plug <3  :-*