Friday, February 26, 2010

Enumeration Tools

Hacking Tool: Enum

enum is a console-based Win32 information enumeration utility written by Jordan Ritter. Using null and user sessions, it enumerates Win NT/2000 information: user lists, machine lists, share lists, name lists, group and membership lists, and password and LSA policy information.
enum is also capable of a rudimentary brute-force dictionary attack on individual accounts.

Hacking Tool: Userinfo

• Userinfo is a small tool that retrieves all available information about any known user from any NT/Win2k system reachable on TCP port 139.
• It calls the NetUserGetInfo API at level 3 and returns standard information such as:
◦ SID and primary group
◦ Logon restrictions and smart card requirements
◦ Special group information
◦ Password expiration information and password age
• The application works as a null user, even if RestrictAnonymous (RA) is set to 1 to specifically deny anonymous enumeration.

Hacking Tool: GetAcct

GetAcct sidesteps "RestrictAnonymous=1" and acquires account information on Windows NT/2000 machines. Enter the IP address or NetBIOS name of the target computer in the "Remote Computer" column, and a number of 1000 or more in the "End of RID" column. The RID is the relative identifier that the Security Account Manager assigns to a user when the account is created. So if there are 100 users, enter 1100.
GetAcct opens an anonymous logon and shows the information that leaks through it:
◦ An enumeration of user IDs
◦ Account names and full names
◦ Password age
◦ User groups the user is a member of
◦ Account type
◦ Whether the account is disabled or locked
◦ Password policies
◦ Last logon time and number of logons
◦ Bad password count
◦ Quotas
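
A defender-side check for the RestrictAnonymous setting discussed above, as an added example that is not from the original post or from any of the tools' authors: it reads a registry export of the Lsa key and classifies the value. The meaning of value 2 (Windows 2000: no access without explicit anonymous permissions) comes from Microsoft's documentation rather than this page; the function names and sample exports are constructed for illustration.

```python
import re

# Registry key that holds RestrictAnonymous, lower-cased for comparison.
LSA_KEY = r"hkey_local_machine\system\currentcontrolset\control\lsa"

def parse_reg_dwords(text):
    """Return {key_path_lower: {value_name_lower: int}} for dword values in a .reg export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = keys.setdefault(section.group(1).lower(), {})
            continue
        value = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{1,8})', line)
        if value and current is not None:
            current[value.group(1).lower()] = int(value.group(2), 16)
    return keys

def assess_restrict_anonymous(reg_text):
    """Classify the RestrictAnonymous setting found in an exported Lsa key."""
    lsa = parse_reg_dwords(reg_text).get(LSA_KEY)
    if lsa is None:
        return ("unknown", "Lsa key not present in export")
    ra = lsa.get("restrictanonymous", 0)  # an absent value behaves as 0
    if ra == 0:
        return ("exposed", "null sessions can enumerate accounts and shares")
    if ra == 1:
        # Per the page: Userinfo and GetAcct still work against RA=1.
        return ("exposed", "Userinfo and GetAcct still return account data")
    if ra == 2:
        # Windows 2000 semantics, from Microsoft documentation (not the page).
        return ("restricted", "no anonymous access without explicit permissions")
    return ("unknown", f"unexpected RestrictAnonymous value {ra}")

# Constructed sample exports (not taken from a real host).
SAMPLE_RA1 = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"RestrictAnonymous"=dword:00000001
"LmCompatibilityLevel"=dword:00000003
'''
SAMPLE_RA2 = SAMPLE_RA1.replace("dword:00000001", "dword:00000002")

if __name__ == "__main__":
    for name, sample in (("RA=1", SAMPLE_RA1), ("RA=2", SAMPLE_RA2)):
        print(name, assess_restrict_anonymous(sample))
```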

