lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 22 Dec 2009 10:53:35 -0700
From: Reed Arvin <reedarvin@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: WinScanX - A free Windows enumeration tool and a
	must have for any security professional

WinScanX was released today. A Windows command-line enumeration tool
plus an optional GUI front-end. A must have for any security
professional.

Download link: http://windowsaudit.com/downloads/WinScanX_Basic.zip

Web site: http://www.windowsaudit.com/

Features and usage information:

WinScanX v1.0 | http://www.windowsaudit.com/

Usage: WinScanX [-abcdefgpklijmnostqurxwyzSWv123] <hostname>
<username> <password>

[-abcdefgpklijmnostqurxwyzSWv123]  -- required argument
<hostname>  -- required argument
<username>  -- optional argument
<password>  -- optional argument

If the <username> and <password> arguments are omitted, this utility
will attempt to establish a NetBIOS null session and gather information
via the null session.

If the <username> and <password> arguments are both plus signs (+), the
existing credentials of the user running this utility will be used.

Examples:
WinScanX -1 10.10.10.10
WinScanX -2 10.10.10.10 + +
WinScanX -3 10.10.10.10 administrator password
WinScanX -3 10.10.10.10 domain\admin password

WinScanX -1 WINSERVER01
WinScanX -2 WINSERVER01 + +
WinScanX -3 WINSERVER01 administrator password
WinScanX -3 WINSERVER01 domain\admin password

WinScanX -1 192.168.1-254
WinScanX -2 192.168.1-254 + +
WinScanX -3 192.168.1-254 administrator password
WinScanX -3 192.168.1-254 domain\admin password

WinScanX -1 IPInputFile.txt
WinScanX -2 IPInputFile.txt + +
WinScanX -3 IPInputFile.txt administrator password
WinScanX -3 IPInputFile.txt domain\admin password


==== WinScanX Advanced Features ====

-a  -- Get Account Policy Information
-b  -- Get Audit Policy Information
-c  -- Get Display Information
-d  -- Get Domain Information
-e  -- Get LDAP Information
-f  -- Get Administrative Local & Global Group Information
-g  -- Get Local & Global Group Information
-p  -- Get Installed Programs
-k  -- Get Interactively Logged On Users
-l  -- Get Logged On Users
-i  -- Get Patch Information
-j  -- Get Registry Information
-m  -- Get Scheduled Task Information
-n  -- Get Server Information
-o  -- Get Service Information
-s  -- Get Share Information
-t  -- Get Share Permissions
-q  -- Get SNMP Community Information
-u  -- Get User Information
-r  -- Get User Information via RA Bypass
-x  -- Get User Rights Information
-w  -- Get WinVNC3 & WinVNC4 Passwords
-y  -- Save Remote Registry Hives

-z  -- Ping Remote Host Before Scanning

-S  -- Guess SNMP Community Strings
-W  -- Guess Windows Passwords

-v  -- Verbose Output

-1  -- Group 1 (includes -adglnsur)
-2  -- Group 2 (includes -adgpljnsquw)
-3  -- Group 3 (includes -abdgplijmnostquxw)


==== Retrieving Patch Information ====

The information that is queried for each host to determine the existance
of a patch is included in the PatchInfo.input file.


==== Retrieving Registry Information ====

The registry key/value pairs that are queried for each host are included
in the RegistryInfo.input file.


==== SNMP Community String Guessing ====

The SNMP community strings that are attempted for each host are included
in the CommunityStrings.input file.


==== Windows Password Guessing ====

For Windows password guessing to occur, there must be a matching
<hostname>.users file in the UserCache directory for each host on which
you attempt to guess passwords. WinScanX options -c, -r, -u, and -S can be
used to generate <hostname>.users cache files.

The passwords that are attempted for each user account are included in the
Dictionary.input file.

The following can also be used in the Dictionary.input file:

<username>   -- The name of the current user
<lcusername> -- The name of the current user in lower case
<ucusername> -- The name of the current user in upper case
<blank>      -- A blank or null password

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists