-
April 29th, 2004, 05:59 AM
#41
Junior Member
NAME
nat - NetBIOS Auditing Tool
SYNOPSIS
nat [-o <output>] [-u <userlist>] [-p <passlist>] <address>
How do you brute force with this?
By the way... I have obtained the enum source code, and I think that unless someone has enum+, I'm going to try and make it myself. Yes, I am stubborn. I know from wordlist tests that he has no lockout procedure, mainly because I could use that to permanently lock him out, I guess. This is a way I know that will work, and so I'm going to try it.
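A defender's counterpoint to the "no lockout procedure" remark above, added here and not part of the original thread: a small detector that tallies failed logons per (account, source) over a sliding window and flags a guessing run, including a success that follows one. The log format and field names are constructed for the example, not taken from any real product.

```python
"""Flag password guessing against an account from failed-logon records.

The line format below is constructed; real Windows Security logs carry
the same essentials (timestamp, target account, source, outcome).
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: one source hammering one account, one innocent typo.
SAMPLE_LOG = """\
2004-04-29 16:00:01 LOGON_FAIL user=bob src=192.168.1.10
2004-04-29 16:00:02 LOGON_FAIL user=bob src=192.168.1.10
2004-04-29 16:00:02 LOGON_FAIL user=bob src=192.168.1.10
2004-04-29 16:00:03 LOGON_FAIL user=bob src=192.168.1.10
2004-04-29 16:00:04 LOGON_FAIL user=bob src=192.168.1.10
2004-04-29 16:00:05 LOGON_OK   user=bob src=192.168.1.10
2004-04-29 16:05:00 LOGON_FAIL user=alice src=192.168.1.22
"""

def parse_line(line):
    """Return (timestamp, outcome, user, src) for one constructed log line."""
    date, time, outcome, user_kv, src_kv = line.split()
    ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
    return ts, outcome, user_kv.split("=", 1)[1], src_kv.split("=", 1)[1]

def detect_guessing(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return alerts for (user, src) pairs with >= threshold failures in a window.

    A per-key deque keeps only failures inside the window. A success that
    lands right after a burst is reported as well, because that is what a
    guessing run that finally found the password looks like.
    """
    recent = defaultdict(deque)
    alerts = []
    for line in log_text.splitlines():
        ts, outcome, user, src = parse_line(line)
        q = recent[(user, src)]
        while q and ts - q[0] > window:
            q.popleft()  # drop failures older than the window
        if outcome == "LOGON_FAIL":
            q.append(ts)
            if len(q) == threshold:
                alerts.append(f"{ts} guessing: {threshold} failures for {user} from {src}")
        elif outcome == "LOGON_OK" and len(q) >= threshold:
            alerts.append(f"{ts} success after {len(q)} failures for {user} from {src}")
    return alerts
```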
-
April 29th, 2004, 06:35 AM
#42
By the way... I have obtained the enum source code, and I think that unless someone has enum+, I'm going to try and make it myself. Yes, I am stubborn. I know from wordlist tests that he has no lockout procedure, mainly because I could use that to permanently lock him out, I guess. This is a way I know that will work, and so I'm going to try it.
If you stop and reread this thread you would see the link I gave you. I'd be willing to bet you a dollar if you wrote that individual he would give you the tool. Just tell him you are experimenting with your own network. If he doesn't give it up, then think about physical security.
Sometimes physical security is the hardest to obtain. I'd also bet you that with either Knoppix STD or a set of nix boot disks I could steal the SAM. Even if it is password protected in the BIOS, a few jumpers short of the password is all you need. Then you are most likely in. Besides, the best hacks are original. Study the set up, come up with an original idea. Don't look over the shoulders of your peers. Create your own path.
Be safe and stay free
Your heart was talking, not your mind.
-Tiger Shark
-
April 29th, 2004, 06:41 AM
#43
Originally posted here by The Grunt
How would the ISP even know? He is doing this INSIDE his own network. It's FIREWALLED to the outside world... How would the ISP even know unless they were snooping around? And since he is quite certain his brother isn't running a firewall, there aren't going to be any firewall logs. And MOST people don't bother to check Event Viewer every day to see how many logins there have been... His hack is not supposed to remain undetected, he WANTS his brother to know about it... Why should he run nessus? He already found the only thing going on with his brother's computer. There is ONE service. He has to get in through that if he wants to get in directly with no user interaction. He has posted considering the other ways of doing it that others posted, and decided none of them will work, and that a brute forcer is the only way to do it...
Did I not say _be this a real case_? By which I mean, a real 'outdoor' attack. Brute-forcing a login on any system if done across the network is simply stupid. Yeah, he wouldn't have a problem with it when it's done to his brother's computer, but my reply was made from a learning perspective. Please read along more carefully next time.
I am surprised, however, that your brother hasn't simply blocked all requests coming from your IP. I mean, that will really turn the game up a notch, wouldn't it? Getting into spoofing IP and etcetera... or, owning the firewall box and using that as a relay. Anyway, many possibilities/fun stuff to do.
I guess [I don't have prior knowledge about it] that the NAT program would use a user and a pass list... I don't know if, used without those, it would try to brute-force.
I guess tweaking the enum source code is a good idea. It's much better than simply skidding the situation. Good luck on that attempt!
-
April 29th, 2004, 10:29 AM
#44
Junior Member
Considering you are on the same LAN segment, I would use a tool like Dsniff (network sniffer and password extractor program). Let it run for a couple of days, then check if you got some password your brother uses on other sites. Then use a program like hydra (dictionary hacker program), write a pass file of all the different combos of previously sniffed passwords, and you might get lucky: people tend to either use the same password in lots of places or different combinations, adding numbers and so on.
Good luck and happy hacking.
I hope this is for purely educational purposes.
-
April 29th, 2004, 04:00 PM
#45
Junior Member
I FOUND IT!!!
I got enum+ with full source code. The cool thing being that my own, modified enum source was beginning to look just like it. I was on the right track for sure. Now I have the answer, though I will strive to figure out the rest of what I would have needed to change to activate real brute forcing.
So right now I am using enum+ to brute force his password, and I have also activated the suggested sniffer and it seems to be working (not that I've sniffed anything yet, cause he hasn't come home). I wonder if it will work, though, cause our switch doesn't seem to send data to the hosts that don't have anything to do with the mentioned data. I think there is a mirror function or something on it... hm.. that's a nice idea.
Also, I've checked out the power cutting option, and it seems I can make a plausible excuse out of it, however I am not sure if he would consider it a bad thing to do if he found out. We haven't actually sat down and discussed the rules for this game. heh
Thanks for all the suggestions and help, guys.
I'll lurk around in the shadows for a while and see if I can get comfortable with this forum.
You gave me a nice start.
-
April 29th, 2004, 04:14 PM
#46
Ehm.. it might be useful for the rest of us if you pasted the link to the source..
That way the community learns too!!
ASCII stupid question, get a stupid ANSI.
When in Russia, pet a PETSCII.
Get your ass over to SLAYRadio the best station for C64 Remixes !
-
April 30th, 2004, 01:38 AM
#47
Senior Member
Here we go. (attached)
Found it on http://www.whitehat.co.il
I believe I tracked Gothtec down.. heh!
-
April 30th, 2004, 07:47 AM
#48
An extra hint: your NIC should be in promiscuous mode for the sniffer to work properly [unless it sets this mode on its own]. Normally your NIC only listens for stuff that's directed at it, instead of looking at all the traffic on the network.
-
April 30th, 2004, 01:14 PM
#49
Something strikes me as very odd about this. I have seen any number of newbies get flamed into smoldering ashes for asking questions a lot more benign than this one. Now there was a lot of good advice given out in this thread. But one question lingers in my head. Why the insistence on the NetBIOS brute force attack? With all the good suggestions being tossed in, why does it HAVE to be NetBIOS?
-
April 30th, 2004, 04:09 PM
#50
-Zombieman77
With all the good suggestions being tossed in why does it HAVE to be netbios?
I considered this prior to my advice. While we may never know if in fact he is using this against his brother, he asked his question in a better fashion than most. So I personally didn't see much harm in giving 2 cents. I suggested he move to another forum. Reason being I felt he was on thin ice, and at any moment one from above might smite him.
Be safe and stay free
Your heart was talking, not your mind.
-Tiger Shark