Follow us on Twitter!
The important thing is not to stop questioning. - Albert Einstein
Wednesday, April 23, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 18
Guests Online: 15
Members Online: 3

Registered Members: 82876
Newest Member: bhl1986
Latest Articles
View Thread

HellBound Hackers | Computer General | Hacking in general

Author

NetBios passwd Cracking


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-12-08 23:08
Ok, so my neighbor thinks its funny to connect to my internet and use the internet for free, so instead of encrypting it, i thought i would experiment with security on her computer..

So ive netbios'd her drives and i want to gain admin privelages

I heard ENUM+.exe is good for cracking admin passes over netbios, and ive started the command line tool, and i did enum.exe -u ADMIN$ -D -f Passwd.exe 192.168.xx.xx

is the username always ADMIN$ or is it the username the victim logs into on his/her computer

The main problem im having tho is, that when i execute a dictonary attack, it just stops at the first line and says

(1) ADMIN$ | aaa
password found: aaa

why does it do this?

I want it to search the whole wordlist to crack the password

How can i make it use the whole wordlist??

Please help

Jason Smile


Author

RE: NetBios passwd Cracking


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-12-08 23:17
The username is not ADMIN$... that's the name of one of the hidden shares. The username would be "Administrator".


Author

RE: NetBios passwd Cracking


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-12-08 23:21
Zephyr_Pure wrote:
The username is not ADMIN$... that's the name of one of the hidden shares. The username would be "Administrator".


Thank you Zephyr_Pure Ill try that, but why is it that when i load a txt wordlist into the application, it just scans the first word/line and gives the output that the first word is the cracked password?

Thank you
Jason


Author

RE: NetBios passwd Cracking


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-12-08 23:25
Could've been a problem caused by not using a valid admin-level username. Guess we'll see when you try "Administrator" instead.


Author

RE: NetBios passwd Cracking


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-12-08 23:33
Zephyr-Pure, Ive tried different Username combinations and its still outputting the first word, Its beginning to annoy me and i was forced to ask for help, i dont know what to do Sad


EDIT: I kinda got it working, but i get this error message:

return 1219, Multiple connections to a server or shared resource by the same use
r, using more than one user name, are not allowed. Disconnect all previous conne
ctions to the server or shared resource and try again..

The only problem is tho... is that i dont have any drives shared at this point, i disconnected them all and even restarted :S
Jason




Edited by on 20-12-08 23:39
Author

RE: NetBios passwd Cracking


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-12-08 23:40
Now that I've looked back at the first post, I see you're using an exe file for your wordlist; you need a txt file there. Also, if you run into any other problems, go ahead and post the usernames that you've tried as well as the first few lines of your specified wordlist. Make sure the wordlist is in the same directory as Enum.

Edit: To make it easier for people to help you, describe specifically the steps you are taking and the errors you're getting. Also, did the dictionary attack even start / finish / get a password?




Edited by on 20-12-08 23:57
Author

RE: NetBios passwd Cracking


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-12-08 23:57
Zephyr_Pure wrote:
Now that I've looked back at the first post, I see you're using an exe file for your wordlist; you need a txt file there. Also, if you run into any other problems, go ahead and post the usernames that you've tried as well as the first few lines of your specified wordlist. Make sure the wordlist is in the same directory as Enum.


Sorry that was a Typo, it was meant to be .txt lol

her name is Ann,
Ive tried the following Username..
Administrator , Admin, Ann, Guest

And the first words of my wordlist are...

admin
sysadm
sysadmin
operator
manager
lotus

But ive used more than one wordlist and its still the same

I did however try using the hostname instead of the Local IP

and it seemed to work but it says something about too many shared devices on the network, but ive disconnected all the shared drives and that but its still not working, lol

Jason


Author

RE: NetBios passwd Cracking


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-12-08 00:03
Try them in lowercase, too. You're disconnecting shared drives using "net use * /delete", right? And verifying with "net use" immediately after to list all open connections? It's giving the error when starting the dictionary attack, or when you try to connect to a hidden share?


Author

RE: NetBios passwd Cracking


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-12-08 00:24
Zephyr_Pure wrote:
Try them in lowercase, too. You're disconnecting shared drives using "net use * /delete", right? And verifying with "net use" immediately after to list all open connections? It's giving the error when starting the dictionary attack, or when you try to connect to a hidden share?


Thank you for the delete all command, i didnt think about using a wildcard, lol, i deleted all the shared drives and used net use immediatly after and there were no drives showing, when i use a dictonary attack, it just pauses for a second or two, then it goes through all the passwords, and after each password it still says theres too many shared drives being used, i can access her C drive and CD/DVD drive, so i have no problems with that, also i just looked at a tutorial and i managed to share the IPC$, would this help?

Jason


Author

RE: NetBios passwd Cracking


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-12-08 02:10
Zubb21 wrote:
Thank you for the delete all command, i didnt think about using a wildcard, lol, i deleted all the shared drives and used net use immediatly after and there were no drives showing, when i use a dictonary attack, it just pauses for a second or two, then it goes through all the passwords, and after each password it still says theres too many shared drives being used, i can access her C drive and CD/DVD drive, so i have no problems with that, also i just looked at a tutorial and i managed to share the IPC$, would this help?

Jason

No prob; that net use command actually has a non-hacking purpose as well. Handy netadmin tool. Smile Probably the two most common hidden shares are the C$ and IPC$ shares; C$ is sometimes necessary for programs to function correctly, and IPC$ has some purpose that I have forgotten. Either way, either of those should be your primary target. When you say "managed to share the IPC$", do you mean that you managed to access it? If so, try to connect to the C$ as well.

Take a screenshot of the command you're using and the resulting output in the terminal, and paste that here. That would be the best way to see what's going on. Keep it small. Smile