Thread: How can I scan for Blank Administrator Accounts on Windows 2000/XP on my LAN?

  1. #1

    Hello,

    I have my offline network (pentest lab) set up now in my room running on an old router without wireless (as the wireless is fried on this router).

    I have 3 machines on this test lab network, they are:

    1) This laptop - (The Attacker) - Running BackTrack3f
    2) Laptop 2 - (Victim Looser1) - Running Windows XP SP3 (Fully Updated)
    3) Workstation 1 - (Victim Looser2) - Running Windows 2000 (Fresh Install, no patches, no updates).

    Is there a program available (already within) BackTrack3f that will allow me to scan for "Blank Administrator Accounts" on the victim machines (Optional blank user accounts also)?

    I remember reading a "Hacking Exposed" book years ago and it stated that a program called "Nbtdump" made by Foundstone (Authors of Hacking Exposed) can search for blank passwords on Windows machines. Although that was roughly 7 years ago, obviously there is a new/fresh/updated/less buggy program available nowadays?

    Anyone have any ideas?

    Thanks.

    EDIT: Anyone know how to save/log every picture captured by Driftnet to a file? Say I visited several websites, within that time Driftnet's window clears the previous images; loading the fresh/live ones.

    Thanks again

  2. #2
    killadaninja (Very good friend of the forum)

    I don't know if it is possible to view the pics on the fly and have them auto save, but you can use the (-a) switch to run it in adjunct mode, then use (-d) for the output directory, e.g.

    driftnet -a -d /root/desktop/driftnetpics

    You can of course omit the switches, just use driftnet, and just right click on any interesting pics you see and save them.
    Sometimes I try to fit a 16-character string into an 8–byte space, on purpose.

  3. #3

    Originally posted by killadaninja:
    I don't know if it is possible to view the pics on the fly and have them auto save, but you can use the (-a) switch to run it in adjunct mode, then use (-d) for the output directory, e.g.

    driftnet -a -d /root/desktop/driftnetpics

    You can of course omit the switches, just use driftnet, and just right click on any interesting pics you see and save them.

    Hey killadaninja,

    Thanks a million mate, this is working a treat! (Driftnet Log)

    Okay, it doesn't show me the pictures in real time. But that is ok, as that is just eye candy anyway. This is working fantastic, this is just what I wanted.

    Anyone have any ideas on the blank password scanning?

    I was thinking along the lines of adding some kind of script to nmap that could scan the internal IP range (192.168.1.1-255). Is there a program already within BT3f that has this capability?

    (btw, thanks killadaninja for replying to this thread and the previous one I created).

  4. #4
    FrankFruter (Junior Member)

    Is there a program available (already within) BackTrack3f that will allow me to scan for "Blank Administrator Accounts" on the victim machines (Optional blank user accounts also)?
    GFI LanGuard 2.0
    Code:
    Menu>Backtrack>Vulnerability Identification>Securityscanner>GFI LanGuard 2.0

  5. #5
    operat0r (Good friend of the forums)

    * you can't do remote shit with blank administrator password by default!
    * you may want to look into the new smb_relay tool at milw0rm or my script
    http://forums.remote-exploit.org/showthread.php?t=1288

    some other cool stuff on my main site you may want.

  6. #6

    Originally posted by FrankFruter:
    GFI LanGuard 2.0
    Code:
    Menu>Backtrack>Vulnerability Identification>Securityscanner>GFI LanGuard 2.0

    Hey hey, the cool man himself

    GFI-LG2 is a great tool, I have loaded it and played around with it for a while and kept getting "no computers found" and also "please adjust settings/delay etc". It is a good tool, it has a lot of options and I forgot that it cracks as well (even though I am looking for blank password fields - I will use the 'null' setting). Happy days, I will read the manual on it, search Google for useful examples/tutorials/guides and after I post this I will search the forums for any GFI-LG2 related threads.

    Cheers Frank (lol, reminds me of an advertisement that is really funny here in Ireland, it's called "Talk to Frank" lol, it's about drug problems and people smuggling cocaine in dogs LOL! You should search YouTube for that advertisement, it's seriously funny).

    Originally posted by operat0r:
    * you can't do remote shit with blank administrator password by default!
    * you may want to look into the new smb_relay tool at milw0rm or my script
    hxxp://forums_DOT_remote-exploit_DOT_org/showthread_DOT_php?t=1288

    some other cool stuff on my main site you may want.

    Hi there operat0r,
    I was asking about local passwords, but that is also very interesting about the remote "shit". I have been following Gary McKinnon's story for a few years now, the poor guy remotely scanned IP ranges on "forbidden IP zones" (Military/NASA/USAF/USNI etc) for blank Administrator password fields. It was because they used cloned discs of XP for the entire network. I signed the petition to free Gary... I don't think my signature will count anyway, but worth the shot, eh?

    Thanks for the milw0rm advice, I will poke through the site and try and find a related smb_relay script. The link you posted is invalid, broken etc. (I had to alter the link in my post in order to post this reply).

    cheers

    Any other thoughts/stories on this subject?
