Best NetBIOS brute forcing tool? - Page 3
Page 3 of 7 FirstFirst 12345 ... LastLast
Results 21 to 30 of 69

Thread: Best NetBIOS brute forcing tool?

  1. #21
    Junior Member
    Join Date
    Apr 2004
    Posts
    25
    don't think i haven't tried

    besides, i'm norwegian, so is my brother, and it is unlikely that his password is in any english dictionary you can find on the net. my brother being a smart guy, it is actually highly unlikely that his password is in any dictionary at all. it's probably something like h6ai10w6 or something.

    that is why i need to brute force in the first place.


    using my selfmade (ooh!) password generator, i have figured out that a list of alphanumeric passwords from 1-6 characters is alone 15 gigs of uncompressed text. my brothers password is probably the standard 8 chars, and my computer just doesn't have enough room for a list that large, tho it would enable a dictionary based program to work. however, last time i tried the 1-6 char list on such a program, it just ran out of memory (no surprise). again, i need a true brute forcer.

  2. #22
    You can still make one. Just a brute force text list is definitley not the way to go. Just make a huge switch in a loop.

  3. #23
    Junior Member
    Join Date
    Apr 2004
    Posts
    25
    so the problem remains...

  4. #24
    again, i need a true brute forcer.
    Cain & Abel has brute forcing and dictionary attack.

    brute force= every possible combination, 000001 000002 so on.
    dictionary attack=.txt file with every word in the dictionary, cat, dog, watermelon and so on.

    So what is your problem?

  5. #25
    AO Part Timer
    Join Date
    Feb 2003
    Posts
    332
    Go here

    I checked out the tool. Couldn't find it. However I did find another board that might help you. Unfortunatley the board is locked. But if you read that post he mentions your enum tool. He also has an email at the bottom. Since it doesn't appear that anybody here is going to help you. Perhaps you might move on and keep asking folks. Somebody will give it to you. Just not anybody here perhaps.

    Good luck



    Be safe and stay free
    Your heart was talking, not your mind.
    -Tiger Shark

  6. #26
    Junior Member
    Join Date
    Apr 2004
    Posts
    25
    Originally posted here by Soda_Popinsky
    Cain & Abel has brute forcing and dictionary attack.

    brute force= every possible combination, 000001 000002 so on.
    dictionary attack=.txt file with every word in the dictionary, cat, dog, watermelon and so on.

    So what is your problem?
    yes it does have a brute forcing ability. and i know what it is, thankyouverymuch

    it has a brute forcing ability for:

    LM & NTLM Hashes
    NTLMv2 Hashes
    PWL files
    Cisco IOS-MD5 Hashes
    Cisco PIX-MD5 Hashes
    APOP-MD5 Hashes
    OSPF-MD5 Hashes
    RIPv2-MD5 Hashes
    VRRP-HMAC Hashes
    VNC-3DES
    MD2 Hashes
    MD4 Hashes
    MD5 Hashes
    SHA-1 Hashes
    RIPEMD-160 Hashes
    Kerb5 PreAuth Hashes
    MSN Hashes
    Radius Key Hashes
    IKE-PSK Hashes
    MSSQL Hashes

    Originally posted here by Soda_Popinsky
    So what is your problem?
    well.. that I don't see NetBIOS, Samba, SMB or anything similar on that list is pretty much my problem

  7. #27
    Senior Member
    Join Date
    Apr 2004
    Posts
    157
    Well.. since you have a Linux box, have you checked this one out?
    RPA (Remote Password Assasin)

    Even though you laptop is "only" on a 100 network, I don't think that will be your bottleneck anyways..

    well.. that I don't see NetBIOS, Samba, SMB or anything similar on that list is pretty much my problem
    Yeah, but if you successfully can sniff up any of the others, you are ready to go.
    And yes, it sniffs up SMB... I have tried it, works fine..

  8. #28
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    There may be rules to the "game" but...

    If it were me I would go to the circuit breaker and cut the power to his room. No more locked console. If he has an ups let it run down and report to windows like a good little ups. Bonus- it might even shut the pc down, even better there is a good log of it. "System has detected a power outage, orderly shutdown has started." Now hike up to the room and load OS tools of Choice into the CD Rom or Floppy. If it is really a game, he would have locked the BIOS and disabled the CDROM, easy for you if he hasn't but floppy tools are just as good. Now go and turn on the Circuit breaker and do the deed. DO not boot Windows until the CD or floppy is removed. When finished, click the breaker to your room and mom and dads too so a couple of clocks blink to justify the power problems. This may be Bad all around,considering you could damage stuff and I don't condone the action, only the thought process to complete a clean sweep of the computer sytem when the terminal is locked and physical access is an option.

    I treat all power outages as malicious reboots, your bro might too but there is nothing to prove a bump didn't occur. This is cheating in a way, since the deal is probably in lines with attacking the PC remotely but hey.

    Oh, do a little recon to see if he has a boot password. You will want to know that before hand so you can be prepared to reset it. Blame it's sudden dissapearence on the rough power outage surges of 2004.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  9. #29
    Junior Member
    Join Date
    Apr 2004
    Posts
    25
    Originally posted here by SawPer
    Well.. since you have a Linux box, have you checked this one out?
    RPA (Remote Password Assasin)

    Even though you laptop is "only" on a 100 network, I don't think that will be your bottleneck anyways..



    Yeah, but if you successfully can sniff up any of the others, you are ready to go.
    And yes, it sniffs up SMB... I have tried it, works fine..

    I grabbed the tool from a russian website, since the company page (http://www.roses-labs.com) seemed to be offline. Version 1.0 was the newest version google would lead me to. However, in the readme file, it says:
    Right now, RPA is able to attack the following ports:
    Service Port
    - FlowPoint Router 23
    - POP 110
    - FTP 21
    - Telnet 23
    How did you get it to do SMB? The command line options are:
    - l: Login file to use.
    Default file -> user.txt
    - s: Use the same login.
    - c: Password file to use.
    Default file -> dic.txt
    - r: Attack FlowPoint Router.
    - t: Attack Telnet.
    - f: Attack FTP.
    - p: Attack POP.

    I don't know what to do

  10. #30
    Junior Member
    Join Date
    Apr 2004
    Posts
    25
    Originally posted here by RoadClosed
    There may be rules to the "game" but...

    If it were me I would go to the circuit breaker and cut the power to his room. No more locked console. If he has an ups let it run down and report to windows like a good little ups. Bonus- it might even shut the pc down, even better there is a good log of it. "System has detected a power outage, orderly shutdown has started." Now hike up to the room and load OS tools of Choice into the CD Rom or Floppy. If it is really a game, he would have locked the BIOS and disabled the CDROM, easy for you if he hasn't but floppy tools are just as good. Now go and turn on the Circuit breaker and do the deed. DO not boot Windows until the CD or floppy is removed. When finished, click the breaker to your room and mom and dads too so a couple of clocks blink to justify the power problems. This may be Bad all around,considering you could damage stuff and I don't condone the action, only the thought process to complete a clean sweep of the computer sytem when the terminal is locked and physical access is an option.

    I treat all power outages as malicious reboots, your bro might too but there is nothing to prove a bump didn't occur. This is cheating in a way, since the deal is probably in lines with attacking the PC remotely but hey.

    Oh, do a little recon to see if he has a boot password. You will want to know that before hand so you can be prepared to reset it. Blame it's sudden dissapearence on the rough power outage surges of 2004.
    i like your idea, but it's something i cannot do, i'm afraid

    there hasn't been a power outage here for several years..
    norway runs mostly on 30 year old water turbines
    if we have a power outage, we've run out of water

    i think he would know. or call someone and then know. he would be angry with me for succeeding, so he would check everything to make sure i actually did.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides