Best NetBIOS brute forcing tool?

  1. #1
    Junior Member
    Join Date
    Apr 2004
    Posts
    25

    Best NetBIOS brute forcing tool?

    Hello there.

    Just out of interest, I am trying to hack a share on my brother's computer. We're connected in a gigabit LAN. I have tried lots of different programs, but none seem to do the job properly. What I need is a FAST program with a true brute forcing ability (no dictionaries and crap).

    I have tried:
    Brutus - got an error that lots of other people seem to get too... Netbios error 0 something
    PwlTool - too ****in slow (35 passwords a second on gigabit lan?!). says so in the readme too
    xIntruder, Legion - can only crack shares on Win95/98/ME
    enum - uses a dictionary (the password is not in one...)
    enum+ - can't get my hands on it! if anyone has it, please let me know!


    Do any of you have a personal favorite? I have no idea why I can't seem to find any good tools to do this, as I see it as a relatively (given good knowledge on the subject) simple task to generate all possible character variations of a given length and try all of them on a specific username at a just as relatively high speed.


    Please help me out if you can?

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    For my brother's machine on a high speed network like that I like wandering over and grabbing the SAM straight from it..... If he logged out I like the knoppix solution.... or ERD Commander....

    I don't know many people with a gigabit home network...... I'm a tad suspicious.....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  3. #3
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,019
    Instead of trying to be a skiddie (I define a skiddie as one who wants to use a tool to do the dirty work instead of learning something) why don't you do some research on exploits available for whatever OS your brother happens to be running... after all, there is more than one way to skin a cat.

    I would apologize for being *****ish, except I really don't care..... you learn nothing by simply running a tool, and I would assume that if you are here, you are actually interested in learning something...

  4. #4
    Senior Member
    Join Date
    Dec 2003
    Location
    LA, CA
    Posts
    292
    Originally posted here by groovicus
    Instead of trying to be a skiddie (I define a skiddie as one who wants to use a tool to do the dirty work instead of learning something) why don't you do some research on exploits available for whatever OS your brother happens to be running... after all, there is more than one way to skin a cat.
    Or if you still want to try brute force:
    write yourself a batch file which does the job
    http://www.computerhope.com/batch.htm
    A mind full of questions has no room for answers

  5. #5
    Have you tried munga bunga's brute forcer?
    I've forgotten the URL, but I'm sure just a quick little search down Google lane you should be able to find it.
    Or I'd also suggest studying up on what OS your bro is running, and find some sort of weakness in his box.


    cheers
    .:front2back:.

  6. #6
    Senior Member
    Join Date
    Jul 2003
    Posts
    813
    Now in all probability... are you sure he's got the share enabled? I mean you sound sure, but what if he tightened the box securely?

    Brute forcing is really not very efficient across the network, most firewall rules will catch on once you begin to send very many packets [as a very fast brute forcer would do] and block your IP for a while, although you wouldn't know that has happened.

    I too think some OS fingerprinting would reveal a lot of information, and from there on you can decide what the best approach is. Nessus would tell you some of the vulnerabilities it detected, too.
    /\
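
The rate-based blocking described in the post above, seen from the defending machine's side, as an added example that is not part of the original thread: it counts failed logons per source address in a sliding window and blocks a source for a while once a threshold is reached. The log format, addresses, account name and thresholds are all constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not a real Windows or firewall format).
# Fields: timestamp, logon result, source address, account name.
SAMPLE_LOG = """\
2004-04-20T21:00:00 FAIL 192.168.0.12 brother
2004-04-20T21:00:01 FAIL 192.168.0.12 brother
2004-04-20T21:00:02 FAIL 192.168.0.20 brother
2004-04-20T21:00:02 FAIL 192.168.0.12 brother
2004-04-20T21:00:03 FAIL 192.168.0.12 brother
2004-04-20T21:00:04 FAIL 192.168.0.12 brother
2004-04-20T21:00:05 FAIL 192.168.0.12 brother
2004-04-20T21:00:06 FAIL 192.168.0.12 brother
2004-04-20T21:00:45 FAIL 192.168.0.20 brother
2004-04-20T21:00:50 OK 192.168.0.20 brother
"""

WINDOW = timedelta(seconds=10)     # assumed look-back window
THRESHOLD = 5                      # assumed failures tolerated per window
BLOCK_FOR = timedelta(minutes=5)   # assumed temporary block duration


def detect(log_text, window=WINDOW, threshold=THRESHOLD, block_for=BLOCK_FOR):
    """Return (alerts, dropped): [(source, blocked_until)], {source: count}."""
    recent = defaultdict(deque)    # source -> timestamps of recent failures
    blocked_until = {}             # source -> time the block expires
    alerts, dropped = [], defaultdict(int)
    for line in log_text.splitlines():
        ts_text, result, src, _user = line.split()
        ts = datetime.fromisoformat(ts_text)
        # Traffic from a blocked source is discarded silently.
        if src in blocked_until and ts < blocked_until[src]:
            dropped[src] += 1
            continue
        if result != "FAIL":
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:   # expire failures outside the window
            q.popleft()
        if len(q) >= threshold:
            blocked_until[src] = ts + block_for
            alerts.append((src, blocked_until[src]))
            q.clear()
    return alerts, dict(dropped)


if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

The laptop at 192.168.0.20 mistypes the password twice, 43 seconds apart, and is never flagged, while the source that fails five times in four seconds is blocked and its later attempts are dropped.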

  7. #7
    Junior Member
    Join Date
    Apr 2004
    Posts
    25
    I can't get the file, because I can't get to the computer. When he's not there, he locks it. He would know if I rebooted it or anything.
    I'm trying to show that people can get in anyway.

    I know he is running Windows XP and that he updates it frequently. However, I also know he has shared his drives, so that he can get his files from the laptop. I have scanned a little, and the netbios ports are the only ones that are open. He has (probably) got no strict lockout procedures or anything, as we are both on a LAN behind another server. This is why brute-force comes to mind.

    On the part of learning something, I already have. In lack of a good brute forcing tool, I tried to go with a dictionary one and generate my own wordlist with all possibilities in it. So I wrote a small Java program (yes, Java. I know it sux, but I felt like doing it in Java. I also knew I could do it in Java without having to learn new things, so I could do it fast) that would make a txt file with all password combinations, either alpha only or alphanumeric with a specified length. However, the list of all alphanumeric passwords just from one to six characters took 15 gigabytes of space. Made me realize just how many passwords there are.


    About the munga bunga thingy I read there was a couple of viruses and worms and stuff in it... I also read that you have to disable Norton to actually be able to download it in the first place. Is that thing really safe?

  8. #8
    Junior Member
    Join Date
    Apr 2004
    Posts
    25
    oh, and about that batch file.. won't that be just as slow as PwlTool? I need something that can try several passwords at once. Besides, how do you generate all the brute force passwords with a batch file?

  9. #9
    Senior Member
    Join Date
    Sep 2003
    Posts
    500
    Is he running a firewall, or has he just closed off all of his services except for netbios? If he does have a firewall, figure out which one it is and try and find an exploit for it. Black Ice and Zone Alarm have had their fill lately.
    Here is a little link that might give you some more information on the subject aside from just plain brute forcing the machine:

    http://www.schizm.netfirms.com/docs/hacking_netbios.htm

    By the way, what did you use to run the port scan with and what OS are you running?
    You shall no longer take things at second or third hand,
    nor look through the eyes of the dead...You shall listen to all
    sides and filter them for your self.
    -Walt Whitman-

  10. #10
    Senior Member
    Join Date
    Jul 2003
    Posts
    813
    Hmm coding an app to generate all those combinations sounds more reasonable. Perl has a nice built-in support for incrementing strings which could help you... But [and this is something I could pose as knowing, although I would have to research on my own] you would need to learn more about socket programming to get a really good speed for the bruteforcer. One could, possibly, invoke a system call for this from the program, but I think that would be pretty slow.
    /\
