| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 4 Jan 2010 21:27:13 -0700 From: Reed Arvin <reedarvin@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: Windows Account Password Guessing with WinScanX Original article: http://windowsaudit.com/winscanx/windows-account-password-guessing-with-winscanx/ WinScanX download (free): http://windowsaudit.com/ Watch the video: http://www.youtube.com/watch?v=i9ZI7A-IpDw One of the most dangerous things you can do with WinScanX is lockout a Windows account password using the Guess Windows Passwords option recklessly. The account lockout threshold value should always be taken into consideration before attempting to guess Windows account passwords. Prerequisites to Windows account password guessing: For Windows account password guessing to occur you must have a list of valid user accounts from the remote host to guess passwords against. When WinScanX enumerates these user accounts they are stored in a file in the UserCache directory named <hostname>.users. There are three different options WinScanX can use to generate user cache files for Windows password guessing, all of which are safe: - Get User Information - Get User Information via RA Bypass - Guess SNMP Community Strings If the appropriate options are selected, WinScanX will attempt to enumerate a list of valid user account the normal way, using a Restrict Anonymous bypass method, or by guessing a valid SNMP community string (if the SNMP service is available). Review the account lockout threshold: It is very important to review the account lockout threshold on the remote host before performing Windows account password checking. Run WinScanX with the Get Account Policy Info option selected to retrieve the account lockout threshold. Machines where accounts do not lockout are the safest to guess passwords against. Review the dictionary.input file: The dictionary.input file is the file that lists the passwords that will be attempted for each valid Windows account. By default there are two passwords attempted for each Windows account: <lcusername> – the username in lowercase <blank> – a blank or null password Feel free to add as many passwords to this file as you wish. A password of “password” is also common. Remember that every password in this list will be attempted against every valid Windows account. Initiating Windows account password guessing: If you’ve obtained a user cache file from the remote host and verified that you’re comfortable with the account lockout threshold set on the remote host, then you are ready to start the Windows account password guessing process. Select the Guess Windows Passwords option in the WinScanX GUI and click Start Scan. When the scan is complete, check the Reports folder for the GuessedWindowsPasswords.txt file. You may also want to review the ConnectErrorLog.txt file to ensure you have not accidentally locked out any Windows account passwords. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists