
Thread: Shadow kill

  1. #11
    Very good friend of the forum killadaninja's Avatar
    Join Date
    Oct 2007
    Location
    London, United Kingdom.
    Posts
    526

    Quote Originally Posted by ShadowKill View Post
    Hey man, personal feelings are totally cool as long as they are within reason and semi-justified. Everyone has opinions, and who am I to tell someone they're wrong for having them. That's the nature of humanity. Call people out if you must, I sure do, but try and make it tasteful and provide sufficient reason to backup your statement(s)
    Yeah, I agree, but as you are a pentester, do you know anything about Enum+ bruteforcing netbios pass?
    Sometimes I try to fit a 16-character string into an 8–byte space, on purpose.

  2. #12
    Senior Member ShadowKill's Avatar
    Join Date
    Dec 2007
    Posts
    908

    Quote Originally Posted by killadaninja View Post
    Yeah, I agree, but as you are a pentester, do you know anything about Enum+ bruteforcing netbios pass?
    Well from what I remember it is an .exe with the capability of grabbing user and group lists, share lists (ie enum.exe -S 31.3.3.7), password and LSA policy information, etc etc

    You can also use it to bruteforce said shares as well as dict-attack.

    Did you have anything specific you wanted to know?



    "The goal of every man should be to continue living even after he can no longer draw breath."

    ~ShadowKill

  3. #13
    Very good friend of the forum killadaninja's Avatar

    Quote Originally Posted by ShadowKill View Post
    Well from what I remember it is an .exe with the capability of grabbing user and group lists, share lists (ie enum.exe -S 31.3.3.7), password and LSA policy information, etc etc

    You can also use it to bruteforce said shares as well as dict-attack.

    Did you have anything specific you wanted to know?
    Well, if possible, and I know it's asking a lot, the command to brute force a netbios administrator restricted share, e.g.


    c:\users\administrator>net use * \\**.0.10.***\c$ will then ask for my password. Which way would I go around using enum to bruteforce the password? I've set my login policy attempts to 0 with no timeout for this exercise. The username I'll be using will be administrato

  4. #14
    Just burned his ISO
    Join Date
    Oct 2008
    Posts
    2

    Quote Originally Posted by streaker69 View Post
    [...]
    BTW, my post count is higher than both yours combined, so I must be some kind of godguru or something.[...]
    Ok, and what do I gain if I pray to you? A lower ASN or some special huuguu?

    Just kidding, Mick

  5. #15
    Very good friend of the forum killadaninja's Avatar

    If you are near a box running Windows, I can link you to the prog so you can look at it if need be. Maybe my help file is corrupted, or nonexistent.
    Last edited by killadaninja; 06-24-2010 at 06:31 AM.

  6. #16
    Senior Member ShadowKill's Avatar

    Quote Originally Posted by killadaninja View Post
    Well, if possible, and I know it's asking a lot, the command to brute force a netbios administrator restricted share, e.g.


    c:\users\administrator>net use * \\**.0.10.***\c$ will then ask for my password. Which way would I go around using enum to bruteforce the password? I've set my login policy attempts to 0 with no timeout for this exercise. The username I'll be using will be administrato
    It should just be
    Code:
    C:\...\...\...\enum.exe -u administrato -b IP_HERE
    I would check the help file to be sure though. enum.exe -h



    "The goal of every man should be to continue living even after he can no longer draw breath."

    ~ShadowKill

  7. #17
    Very good friend of the forum killadaninja's Avatar

    Seems Nmap can enumerate better than this so-called enumeration tool: "access denied", yet Nmap can. I only want to use enum for its brute forcing capabilities.
    Last edited by killadaninja; 06-24-2010 at 06:34 AM.

  8. #18
    Very good friend of the forum killadaninja's Avatar

    Quote Originally Posted by ShadowKill View Post
    It should just be
    Code:
    C:\...\...\...\enum.exe -u administrato -b IP_HERE
    I would check the help file to be sure though. enum.exe -h
    "Fatal unknown switch", Hmm what am I missing here?
    Last edited by killadaninja; 06-24-2010 at 06:37 AM.

  9. #19
    Senior Member ShadowKill's Avatar

    Quote Originally Posted by killadaninja View Post
    fatal unknown switch
    Which switch?

    usage: enum.exe [switches] [hostname|ip]
    -U: get userlist
    -M: get machine list
    -N: get namelist dump (different from -U|-M)
    -S: get sharelist
    -P: get password policy information
    -G: get group and member list
    -L: get LSA policy information
    -d: be detailed, applies to -U and -S
    -D: dictionary crack, needs -u and -f
    -b: bruce force crack, needs -u for specify user to crack
    -c: don't cancel sessions
    -u: specify username to use (default "")
    -p: specify password to use (default "")
    -f: specify dictfile to use (wants -D)

    Run enum.exe -S YOUR_IP and see if it is even picking up your share



    "The goal of every man should be to continue living even after he can no longer draw breath."

    ~ShadowKill

  10. #20
    Very good friend of the forum killadaninja's Avatar

    C:\Users\Administrator>ENUM.EXE -S 10.0.10.198
    server: 10.0.10.198
    setting up session... success.
    enumerating shares (pass 1)... fail
    return 5, Access is denied.
    cleaning up... success.

    C:\Users\Administrator>


    C:\Users\Administrator>enum.exe
    usage: enum.exe [switches] [hostname|ip]
    -U: get userlist
    -M: get machine list
    -N: get namelist dump (different from -U|-M)
    -S: get sharelist
    -P: get password policy information
    -G: get group and member list
    -L: get LSA policy information
    -D: dictionary crack, needs -u and -f
    -d: be detailed, applies to -U and -S
    -c: don't cancel sessions
    -u: specify username to use (default "")
    -p: specify password to use (default "")
    -f: specify dictfile to use (wants -D)
    Sometimes I try to fit a 16-character string into an 8–byte space, on purpose.
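
Added example, not part of the original thread: with the lockout threshold set to 0 as described in post #13, the account never locks, so the defender's remaining signal is the burst of failed network logons that repeated guessing against a share produces. The sketch below flags any source/account pair with many failures inside a short window. The whitespace-separated record format, the addresses, the account names and the thresholds are constructed assumptions; event IDs 4625/4624 and logon type 3 are the standard Windows Security log values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not from the thread), one per line:
#   timestamp  event_id  logon_type  target_account  source_address
# 4625 = failed logon, 4624 = successful logon, logon type 3 = network logon.
_T0 = datetime(2010, 6, 24, 6, 30)
SAMPLE = (
    # 12 failures, 2 seconds apart, one source against one account
    [f"{(_T0 + timedelta(seconds=2 * i)).isoformat()} 4625 3 Administrator 192.0.2.10"
     for i in range(12)]
    # 3 failures spread over 40 minutes: an ordinary mistyped password
    + [f"{(_T0 + timedelta(minutes=20 * i)).isoformat()} 4625 3 alice 192.0.2.77"
       for i in range(3)]
    # a successful logon, which must not be counted
    + [f"{(_T0 + timedelta(seconds=5)).isoformat()} 4624 3 alice 192.0.2.77"]
)


def parse(lines):
    """Yield (time, event_id, logon_type, account, source) per record."""
    for line in lines:
        ts, event_id, logon_type, user, src = line.split()
        yield (datetime.fromisoformat(ts), int(event_id), int(logon_type),
               user.lower(), src)


def find_guessing(lines, threshold=10, window=timedelta(seconds=60)):
    """Return {(source, account): peak failures seen inside one window}
    for every pair that reaches `threshold` failed network logons."""
    recent = defaultdict(deque)   # (source, account) -> failure times in window
    alerts = {}
    for ts, event_id, logon_type, user, src in sorted(parse(lines)):
        if event_id != 4625 or logon_type != 3:
            continue              # only failed network logons count
        times = recent[(src, user)]
        times.append(ts)
        while ts - times[0] > window:
            times.popleft()       # slide the window forward
        if len(times) >= threshold:
            key = (src, user)
            alerts[key] = max(alerts.get(key, 0), len(times))
    return alerts


if __name__ == "__main__":
    for (src, user), peak in find_guessing(SAMPLE).items():
        print(f"possible password guessing: {src} -> {user} ({peak} failures/min)")
```
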
