
NetBios passwd Cracking



Ok, so my neighbor thinks it's funny to connect to my internet and use the internet for free, so instead of encrypting it, I thought I would experiment with security on her computer..

So I've netbios'd her drives and I want to gain admin privileges

I heard ENUM+.exe is good for cracking admin passes over netbios, and I've started the command line tool, and I did enum.exe -u ADMIN$ -D -f Passwd.exe 192.168.xx.xx

Is the username always ADMIN$, or is it the username the victim logs into on his/her computer?

The main problem I'm having, though, is that when I execute a dictionary attack, it just stops at the first line and says

(1) ADMIN$ | aaa password found: aaa

Why does it do this?

I want it to search the whole wordlist to crack the password

How can I make it use the whole wordlist?

Please help

Jason :)



The username is not ADMIN$… that's the name of one of the hidden shares. The username would be "Administrator".



Zephyr_Pure wrote: The username is not ADMIN$… that's the name of one of the hidden shares. The username would be "Administrator".

Thank you Zephyr_Pure, I'll try that, but why is it that when I load a txt wordlist into the application, it just scans the first word/line and gives the output that the first word is the cracked password?

Thank you Jason



Could've been a problem caused by not using a valid admin-level username. Guess we'll see when you try "Administrator" instead.



Zephyr-Pure, I've tried different username combinations and it's still outputting the first word. It's beginning to annoy me and I was forced to ask for help, I don't know what to do :(

EDIT: I kinda got it working, but I get this error message:

return 1219, Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again..

The only problem, though, is that I don't have any drives shared at this point, I disconnected them all and even restarted :S

Jason



Now that I've looked back at the first post, I see you're using an exe file for your wordlist; you need a txt file there. Also, if you run into any other problems, go ahead and post the usernames that you've tried as well as the first few lines of your specified wordlist. Make sure the wordlist is in the same directory as Enum.

Edit: To make it easier for people to help you, describe specifically the steps you are taking and the errors you're getting. Also, did the dictionary attack even start / finish / get a password?



Zephyr_Pure wrote: Now that I've looked back at the first post, I see you're using an exe file for your wordlist; you need a txt file there. Also, if you run into any other problems, go ahead and post the usernames that you've tried as well as the first few lines of your specified wordlist. Make sure the wordlist is in the same directory as Enum.

Sorry, that was a typo, it was meant to be .txt lol

Her name is Ann. I've tried the following usernames: Administrator, Admin, Ann, Guest

And the first words of my wordlist are…

admin sysadm sysadmin operator manager lotus

But I've used more than one wordlist and it's still the same

I did however try using the hostname instead of the Local IP

and it seemed to work but it says something about too many shared devices on the network, but I've disconnected all the shared drives and that but it's still not working, lol

Jason



Try them in lowercase, too. You're disconnecting shared drives using "net use * /delete", right? And verifying with "net use" immediately after to list all open connections? It's giving the error when starting the dictionary attack, or when you try to connect to a hidden share?



Zephyr_Pure wrote: Try them in lowercase, too. You're disconnecting shared drives using "net use * /delete", right? And verifying with "net use" immediately after to list all open connections? It's giving the error when starting the dictionary attack, or when you try to connect to a hidden share?

Thank you for the delete all command, I didn't think about using a wildcard, lol. I deleted all the shared drives and used net use immediately after and there were no drives showing. When I use a dictionary attack, it just pauses for a second or two, then it goes through all the passwords, and after each password it still says there's too many shared drives being used. I can access her C drive and CD/DVD drive, so I have no problems with that. Also, I just looked at a tutorial and I managed to share the IPC$, would this help?

Jason



Zubb21 wrote: Thank you for the delete all command, I didn't think about using a wildcard, lol. I deleted all the shared drives and used net use immediately after and there were no drives showing. When I use a dictionary attack, it just pauses for a second or two, then it goes through all the passwords, and after each password it still says there's too many shared drives being used. I can access her C drive and CD/DVD drive, so I have no problems with that. Also, I just looked at a tutorial and I managed to share the IPC$, would this help? Jason

No prob; that net use command actually has a non-hacking purpose as well. Handy netadmin tool. :) Probably the two most common hidden shares are the C$ and IPC$ shares; C$ is sometimes necessary for programs to function correctly, and IPC$ has some purpose that I have forgotten. Either way, either of those should be your primary target. When you say "managed to share the IPC$", do you mean that you managed to access it? If so, try to connect to the C$ as well.

Take a screenshot of the command you're using and the resulting output in the terminal, and paste that here. That would be the best way to see what's going on. Keep it small. :)