UGN Security Forums
My ProfileMember DirectoryLogin
Search our ForumsView our FAQView our Site Rules
View our CalendarView our Active TopicsGo to our Main Page

UGN Security Store
 

Network Sites UGN Security, The GoNix Initiative, Elite Web Gamers, Back of the Web, EveryDay Helper, VNC Web Design & Development
September
Su M Tu W Th F Sa
1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30
Sponsored Links
Latest Postings
Doom 3
by Cyrez
09/11/14 08:58 PM
The History Thread...
by Cyrez
09/11/14 08:56 PM
Amazon Gift Card Generator/KeyGen?te
by Gecko666
08/22/14 09:21 AM
Latest Reviews
Topic Options
Rate This Topic
#8019 - 07/10/03 10:21 AM NetBIOS Auditing Tool
Smot Poker Offline
Junior Member

Registered: 07/05/03
Posts: 9
Hi Guys. I would like some advice or some info to steer me down the right road. I am a mature student taking an MCSE course. As part of the 2k server portion of the course, my instructor gives out bonus marks for a hack of the server. We get 10% per hack, so in theory we could end up with 130% as a final mark for 2k server. For the first hack, physical access to the server is allowed and I used NT Change Password to re-write the SAM and it was no prob. The second hack is remote, but it's only a default install with only the admin password in the way. I found a tool called NetBIOS Auditing Tool(NAT), which I tried at school and cracked 2K Pro, 2K member server and 2K Dc server. I did include my password in the wordlist of course to make sure it works. Here are the details, of which I hope you can use to help me in the right direction, or even tell me if i'm on the right path. NetBEUI, no lockout, 10 mins, my local machine has a triple boot with 2K pro, server and DC. The password will be at least 6 characters long. If I understand right, it will be between 6-9 characters. I can crack it, but my problem is nailing down a good wordlist so that I can hit in 10 mins and still have time to map a drive and get in quick enough to edit the txt file he requests to get my 10% bonus. Should I use the program that I have, or does anyone know of anything else that might get me in quicker? I was going to try Lophtcrack4, but syskey will prevent me from doing that. I also considered Brutus, but NAT did work and its REALLY fast, I just need a good wordlist.

BTW, I'm a virtual newbie only have been introduced to comps less than a 1 1/2 yrs ago, but i'm not lazy and have read many books. Not looking for a free lunch or to have it laid out, i would like a sense of accomplishement but wouldn't mind some advice.

Thanks!

Top
Sponsored Links
      
#8020 - 07/10/03 11:25 AM Re: NetBIOS Auditing Tool
Gollum Offline
Member

Registered: 06/05/02
Posts: 207
Loc: US
IMO, if he's trying to make this in any way difficult...he's probably not using a password which you would find in a wordlist. But, I don't get what you mean with your time constraints. Do you only have 10 min. from when you start brute forcing until you can edit the file?

Anyway, here are some links:

ftp://ftp.ox.ac.uk/pub/wordlists/
ftp://ftp.digital.com/pub/misc/stolfi-wordlists/
http://www.mirrors.wiretapped.net/security/host-security/wordlists/
//
_________________________
Unbodied unsouled unheard unseen
Let the gift be grown in the time to call our own
Truth is natural like a wind that blows
Follow the direction no matter where it goes
Let the truth blow like a hurricane through me

Top
#8021 - 07/10/03 11:41 AM Re: NetBIOS Auditing Tool
Smot Poker Offline
Junior Member

Registered: 07/05/03
Posts: 9
Hi Gollum,
First, thanks. That's right, 10 min from the time I start. On the 1st hack with physical access, all we had to do was add our name to the host file. I'm allowed to use Languard or any other vuln scanner to find hidden shares or whatever, but if i can find the pwd, the rest will be no problem. When I did it today with the wordlists I have, it only took 3-4 mins to run thru a list. I don't have enough time to run thru an entire dictionary, that's why I need a solid list. I forgot to mention that the pwd won't be giberish, only letters. He is making it somewhat easy and kinda playing the role of a dumb admin. Having said that, it looks like only 2 of us in the class are going to attempt it and no one in his class has ever got in on the second attempt because really we are only in our 3rd month and this is beyond where we need to be at this time. The third attempt during the final exam is going to be full security with firewall, disabled services and really strong password.
Again, thanks for the links

Top
#8022 - 07/10/03 06:33 PM Re: NetBIOS Auditing Tool
Gollum Offline
Member

Registered: 06/05/02
Posts: 207
Loc: US
hmmm...every single person is gonna be different. your best bet would be to find some common password wordlists, and edit it to make it more suited for you and the hack. names of towns nearby, stuff that you might be working on in class, names of schools, mascots, etc. even try learning about your prof himself. wife's name? dog? hobbies? etc. there is no "god-like wordlist" y'know? ::shrug:: that's about it.//
_________________________
Unbodied unsouled unheard unseen
Let the gift be grown in the time to call our own
Truth is natural like a wind that blows
Follow the direction no matter where it goes
Let the truth blow like a hurricane through me

Top
#8023 - 07/10/03 06:51 PM Re: NetBIOS Auditing Tool
Smot Poker Offline
Junior Member

Registered: 07/05/03
Posts: 9
ok man, appreciate your help and advice! With a bit of luck I will hit on it. I am gonna try a huge wordlist tomorrow and see how long it will take and if it's less than 9 mins I will do that. I can run several CMDs at once, so maybe if I break up the huge list and do it that way...? Myself and another student are trying to talk him into letting us tag-team the server, so who knows. At this point it's not even the 10% bonus, I just want to do it for learning purposes (and the rush LOL). If you have any suggestions or links for any other programs I could use for this hack, feel free.
Thanks very much

Top

Moderator:  Infinite 
Featured Member
Registered: 08/22/14
Posts: 1
Forum Stats
2148 Members
46 Forums
34352 Topics
69521 Posts

Max Online: 1567 @ 04/25/10 02:20 AM
Top Posters
UGN Security 27514
Gremelin 7192
§intå× 3255
SilentRage 1273
Ice 1146
pergesu 1136
Infinite 1041
jonconley 955
Girlie 908
unreal 860
Newest Members
Gecko666, defghi795767, Devo60, ali, lavos
2147 Registered Users
Who's Online
0 registered (), 306 Guests and 273 Spiders online.
Key: Admin, Global Mod, Mod
Latest News


Donate
  Get Firefox!
Get FireFox!