hi there
need some info plz, is it possible to compromise a win2k server having the c$ d$ and admin$ shares open but password protected , how can i evade the authentication to access the box, i know there is other possiblities of accesssing the box, but i would just like to know if a compromise of this sort is possible and if it is how can i do this, i searched google on the subject but would just like some other info.
regards
Only compromise of that sort is you can probably establish a netbios null session, dump the username list to make sure Administrator hasnt been renamed, then brute force Administrator since its the only account that can't be locked out by too many invalid login attempts.
I however won't explain exactly how to do any of the above because learning is part of hacking, also make sure you don't use this info for a malicious purpose ;D
Good Luck
Syxx
thanks , the info u gave is exactly what i need, as for the answers, GOOGLE is my friend i'm sure he'll tell me ;D
but theres 1 thing i need to know what type of brute forcer should i use, would lc3 or 4 work.
regards
No, LC will only work if you already have the sam file, there are a couple tools for bruteforcing netbios that you can find. ;p
http://www.cotse.com/tools/netbios.htm (http://www.cotse.com/tools/netbios.htm)
http://www.operationsecurity.com/resource_db.php?viewCat=12 (http://www.operationsecurity.com/resource_db.php?viewCat=12)
http://www.securiteam.com/tools/archive.html (http://www.securiteam.com/tools/archive.html)
Some NetBIOS tools for you there....
w0w! :o
Hand the guy a fork, spoon, knife, napkin and the plat of food as well.. ;)
At least he knows what google is used for...
Wilnix
Quote from: wilnix on December 30, 2002, 04:41:14 PM
w0w! :o
Hand the guy a fork, spoon, knife, napkin and the plat of food as well.. ;)
At least he knows what google is used for...
Wilnix
lol ;D
Well, hehe, one things for certain, if I get a call from any authorities mentioning someone they caught and I hear the words windows 2000 and Samba used, this thread is gonna vanish faster than Jimmy Hoffa's body...
;)
At least Jimmy would have looked for the info on his own !!
:P Wilnix