Penetration Testing mailing list archives
Re: Scanning for blank admin passwords on a windows box
From: "Olivier Busolini" <olivier.busolini () wanadoo fr>
Date: Wed, 24 Jul 2002 17:05:32 +0200
Hi, I completely agree with Anders about userinfo. The only problem is that this tool messes up a bit on a target with a "large" (>20-30) number of users: some weak account are not detected (blanck password, or equal to username). So it's better to double check with another tool like the one Erwin (van der Zwan) named. Hope this helped, Olivier ----- Original Message ----- From: "Anders Thulin" <Anders.Thulin () kiconsulting se> To: "Jason" <cisspstudy () yahoo com> Cc: <pen-test () securityfocus com> Sent: Monday, July 15, 2002 11:05 AM Subject: Re: Scanning for blank admin passwords on a windows box
Jason wrote:I am looking for a fast multithreaded tool that can scan a range of IP addresses and look for blank administrator (or other user accounts) passwords on a windows NT/2000 server.If it can also try the username as password, server name as password
that
would also be nice.Take a look at the multithreaded beta of userinfo 1.9 at http://www.clicknet.ch/chscene/chscene.php. It's not fully multithreaded, though -- it only does it over 64-subnets. It's also in the SecurityFocus tools list, but there is at least one other tool with the same name to confuse you. Main problem is that it reports in web page format... There are several non-mt tools that does the same thing. -- Anders Thulin anders.thulin () kiconsulting se 040-661 50 63 Ki Consulting AB, Box 85, SE-201 20 Malmö, Sweden --------------------------------------------------------------------------
--
This list is provided by the SecurityFocus Security Intelligence Alert
(SIA)
Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please
see:
https://alerts.securityfocus.com/
---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Scanning for blank admin passwords on a windows box Jason (Jul 12)
- RE: Scanning for blank admin passwords on a windows box Paul Craig (Jul 13)
- Re: Scanning for blank admin passwords on a windows box Joshua Levitsky (Jul 13)
- Re: Scanning for blank admin passwords on a windows box Anders Thulin (Jul 15)
- Re: Scanning for blank admin passwords on a windows box Olivier Busolini (Jul 25)
- <Possible follow-ups>
- Re: Scanning for blank admin passwords on a windows box Erwin van der Zwan (Jul 15)
- Re: Scanning for blank admin passwords on a windows box Muhammad Faisal Rauf Danka (Jul 15)