Date: Tue, 22 Dec 2009 10:53:35 -0700
From: Reed Arvin <reedarvin@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: WinScanX - A free Windows enumeration tool and a must have for any security professional

WinScanX was released today. A Windows command-line enumeration tool
plus an optional GUI front-end. A must have for any security
professional.

Download link:
http://windowsaudit.com/downloads/WinScanX_Basic.zip

Web site:
http://www.windowsaudit.com/

Features and usage information:

WinScanX v1.0 | http://www.windowsaudit.com/

Usage: WinScanX [-abcdefgpklijmnostqurxwyzSWv123] <hostname> <username> <password>

[-abcdefgpklijmnostqurxwyzSWv123] -- required argument
<hostname> -- required argument
<username> -- optional argument
<password> -- optional argument

If the <username> and <password> arguments are omitted, this utility
will attempt to establish a NetBIOS null session and gather information
via the null session.

If the <username> and <password> arguments are both plus signs (+), the
existing credentials of the user running this utility will be used.

Examples:
WinScanX -1 10.10.10.10
WinScanX -2 10.10.10.10 + +
WinScanX -3 10.10.10.10 administrator password
WinScanX -3 10.10.10.10 domain\admin password

WinScanX -1 WINSERVER01
WinScanX -2 WINSERVER01 + +
WinScanX -3 WINSERVER01 administrator password
WinScanX -3 WINSERVER01 domain\admin password

WinScanX -1 192.168.1-254
WinScanX -2 192.168.1-254 + +
WinScanX -3 192.168.1-254 administrator password
WinScanX -3 192.168.1-254 domain\admin password

WinScanX -1 IPInputFile.txt
WinScanX -2 IPInputFile.txt + +
WinScanX -3 IPInputFile.txt administrator password
WinScanX -3 IPInputFile.txt domain\admin password

==== WinScanX Advanced Features ====

-a -- Get Account Policy Information
-b -- Get Audit Policy Information
-c -- Get Display Information
-d -- Get Domain Information
-e -- Get LDAP Information
-f -- Get Administrative Local & Global Group Information
-g -- Get Local & Global Group Information
-p -- Get Installed Programs
-k -- Get Interactively Logged On Users
-l -- Get Logged On Users
-i -- Get Patch Information
-j -- Get Registry Information
-m -- Get Scheduled Task Information
-n -- Get Server Information
-o -- Get Service Information
-s -- Get Share Information
-t -- Get Share Permissions
-q -- Get SNMP Community Information
-u -- Get User Information
-r -- Get User Information via RA Bypass
-x -- Get User Rights Information
-w -- Get WinVNC3 & WinVNC4 Passwords
-y -- Save Remote Registry Hives
-z -- Ping Remote Host Before Scanning

-S -- Guess SNMP Community Strings
-W -- Guess Windows Passwords

-v -- Verbose Output

-1 -- Group 1 (includes -adglnsur)
-2 -- Group 2 (includes -adgpljnsquw)
-3 -- Group 3 (includes -abdgplijmnostquxw)

==== Retrieving Patch Information ====

The information that is queried for each host to determine the
existance of a patch is included in the PatchInfo.input file.

==== Retrieving Registry Information ====

The registry key/value pairs that are queried for each host are
included in the RegistryInfo.input file.

==== SNMP Community String Guessing ====

The SNMP community strings that are attempted for each host are
included in the CommunityStrings.input file.

==== Windows Password Guessing ====

For Windows password guessing to occur, there must be a matching
<hostname>.users file in the UserCache directory for each host on
which you attempt to guess passwords.

WinScanX options -c, -r, -u, and -S can be used to generate
<hostname>.users cache files.

The passwords that are attempted for each user account are included
in the Dictionary.input file.

The following can also be used in the Dictionary.input file:

<username> -- The name of the current user
<lcusername> -- The name of the current user in lower case
<ucusername> -- The name of the current user in upper case
<blank> -- A blank or null password

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/