Author Topic: Brute forcing a Windows share  (Read 4510 times)

m0l0ko
Brute forcing a Windows share
« on: November 17, 2012, 02:49:51 pm »
My brother has a shared folder that requires a password on the LAN. He's running Windows 8. I want to see if I can get into it without asking him for the password. First thing I'll try is brute forcing. Is there a program I can use to do a dictionary or brute force attack on a Windows share? Preferably a program for Linux.

RedBullAddicted
Re: Brute forcing a Windows share
« Reply #1 on: November 17, 2012, 03:28:47 pm »
Hi,

you can have a look at Metasploit
http://www.offensive-security.com/metasploit-unleashed/SMB_SMB_Login

If you want to get some deeper knowledge you can read this one:
http://www.skullsecurity.org/blog/2009/bruteforcing-windows-tips-and-tricks

Here is a Python script I found with a quick Google search:
http://code.google.com/p/patator/

But I would recommend (for the best learning experience) writing your own tool. Go and capture the traffic produced during a logon attempt. If you want to keep it as easy as possible you should have a look at Scapy:
http://www.secdev.org/projects/scapy/doc/usage.html#interactive-tutorial

Hope this helps :)
Cheers,
RBA
Deep into that darkness peering, long I stood there, wondering, fearing, doubting, dreaming dreams no mortal ever dared to dream before. - Edgar Allan Poe

Kulverstukas
Re: Brute forcing a Windows share
« Reply #2 on: November 17, 2012, 06:03:40 pm »
I have done a video in my language, some long time ago, showing how to accomplish that (given the best conditions). I utilized Medusa with SMB plugins to bruteforce into the shares and Samba - a Linux util to browse around.
http://9v.lt/blog/hacking-smb-the-linux-way/

Can't find that post on Evilzone, maybe I didn't post it...?

proxx
Re: Brute forcing a Windows share
« Reply #3 on: November 17, 2012, 07:50:36 pm »
SMB really hates bruteforcing.
Crashes etc. are not uncommon.

But as long as there are no exploits this seems like the right approach.
Wtf where you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage

s3my0n
Re: Brute forcing a Windows share
« Reply #4 on: November 18, 2012, 09:31:36 am »
Try a pass-the-hash attack. Google it, Metasploit can automate it I think.
Easter egg in all *nix systems: E(){ E|E& };E

proxx
Re: Brute forcing a Windows share
« Reply #5 on: November 18, 2012, 10:28:29 am »
That's what I was thinking ^ :)

Or a different approach:
There have been many, many Java exploits these last weeks.
Good chance he hasn't updated, just pop his box, do some ARP or DNS spoofing > Java exploit and get yourself a shell.
? this is evilzone right ?

iTpHo3NiX
Re: Brute forcing a Windows share
« Reply #6 on: November 18, 2012, 09:17:40 pm »
Quote from: Kulverstukas on November 17, 2012, 06:03:40 pm
I have done a video in my language, some long time ago, showing how to accomplish that (given the best conditions). I utilized Medusa with SMB plugins to bruteforce into the shares and Samba - a Linux util to browse around.
http://9v.lt/blog/hacking-smb-the-linux-way/

Can't find that post on Evilzone, maybe I didn't post it...?

Shameless plug <3  :-*
[09:27] (+lenoch) iTpHo3NiX can even manipulate me to suck dick
[09:27] (+lenoch) oh no that's voluntary
[09:27] (+lenoch) sorry