Yeh i agree but as you are a pentester you know anything about Enum+ bruteforcing netbios pass?Originally Posted by ShadowKill
Hey man, personal feelings are totally cool as long as they are within reason and semi-justified. Everyone has opinions, and who am I to tell someone they're wrong for having them. That's the nature of humanity. Call people out if you must, I sure do, but try and make it tasteful and provide sufficient reason to backup your statement(s)
Sometimes I try to fit a 16-character string into an 8–byte space, on purpose.
Well from what I remember it is an .exe with the capability of grabbing user and group lists, share lists (ie enum.exe -S 31.3.3.7), password and LSA policy information, etc etc
You can also use it to bruteforce said shares as well as dict-attack.
Did you have anything specific you wanted to know?
"The goal of every man should be to continue living even after he can no longer draw breath."
~ShadowKill
well if possible and i know its asking alot the command to brute force a netbios administrator restricted share e.g
c:\users\administrator>netuse * \\**.0.10.***\c$ will then ask for my password witch way would i go around using enum to bruteforce the password ive set my login policy attempts to 0 with no timeout for this exersize username ill be using will be administrato
Sometimes I try to fit a 16-character string into an 8–byte space, on purpose.
Ok, and what do I gain if I pray to you? A lower ASN or some special huuguu?
Just kidding, Mick
If you are near a box running windows, I can link you to the prog so you can look at it if need be. Maybe my help file is corrupted, or non existent
Last edited by killadaninja; 06-24-2010 at 06:31 AM.
Sometimes I try to fit a 16-character string into an 8–byte space, on purpose.
It should just beI would check the help file to be sure though. enum.exe -hCode:C:\...\...\...\enum.exe -u administrato -b IP_HERE
"The goal of every man should be to continue living even after he can no longer draw breath."
~ShadowKill
Seems Nmap can enumerate better than this so called enumeration tool, "access denied" yet nmap can. I only want to use enum for its brute forcing capabilities.
Last edited by killadaninja; 06-24-2010 at 06:34 AM.
Sometimes I try to fit a 16-character string into an 8–byte space, on purpose.
"Fatal unknown switch", Hmm what am I missing here?
Last edited by killadaninja; 06-24-2010 at 06:37 AM.
Sometimes I try to fit a 16-character string into an 8–byte space, on purpose.
Which switch?
usage: enum.exe [switches] [hostname|ip]
-U: get userlist
-M: get machine list
-N: get namelist dump (different from -U|-M)
-S: get sharelist
-P: get password policy information
-G: get group and member list
-L: get LSA policy information
-d: be detailed, applies to -U and -S
-D: dictionary crack, needs -u and -f
-b: bruce force crack, needs -u for specify user to crack
-c: don't cancel sessions
-u: specify username to use (default "")
-p: specify password to use (default "")
-f: specify dictfile to use (wants -D)
Run enum.exe -S YOUR_IP and see if it is even picking up your share
"The goal of every man should be to continue living even after he can no longer draw breath."
~ShadowKill
C:\Users\Administrator>ENUM.EXE -S 10.0.10.198
server: 10.0.10.198
setting up session... success.
enumerating shares (pass 1)... fail
return 5, Access is denied.
cleaning up... success.
C:\Users\Administrator>
C:\Users\Administrator>enum.exe
usage: enum.exe [switches] [hostname|ip]
-U: get userlist
-M: get machine list
-N: get namelist dump (different from -U|-M)
-S: get sharelist
-P: get password policy information
-G: get group and member list
-L: get LSA policy information
-D: dictionary crack, needs -u and -f
-d: be detailed, applies to -U and -S
-c: don't cancel sessions
-u: specify username to use (default "")
-p: specify password to use (default "")
-f: specify dictfile to use (wants -D)
Sometimes I try to fit a 16-character string into an 8–byte space, on purpose.
Posting Permissions
