#8019 07/10/03 09:21 AM
Junior Member (Joined: Jul 2003, Posts: 9)
Hi guys. I would like some advice or some info to steer me down the right road. I am a mature student taking an MCSE course. As part of the 2K Server portion of the course, my instructor gives out bonus marks for a hack of the server. We get 10% per hack, so in theory we could end up with 130% as a final mark for 2K Server.

For the first hack, physical access to the server is allowed and I used NT Change Password to rewrite the SAM, and it was no prob. The second hack is remote, but it's only a default install with only the admin password in the way. I found a tool called NetBIOS Auditing Tool (NAT), which I tried at school and cracked 2K Pro, 2K member server and 2K DC server. I did include my password in the wordlist, of course, to make sure it works.

Here are the details, which I hope you can use to help me in the right direction, or even tell me if I'm on the right path: NetBEUI, no lockout, 10 mins, my local machine has a triple boot with 2K Pro, Server and DC. The password will be at least 6 characters long. If I understand right, it will be between 6-9 characters. I can crack it, but my problem is nailing down a good wordlist so that I can hit in 10 mins and still have time to map a drive and get in quick enough to edit the txt file he requests to get my 10% bonus. Should I use the program that I have, or does anyone know of anything else that might get me in quicker? I was going to try L0phtCrack 4, but SYSKEY will prevent me from doing that. I also considered Brutus, but NAT did work and it's REALLY fast; I just need a good wordlist.

BTW, I'm a virtual newbie, only having been introduced to comps less than 1 1/2 yrs ago, but I'm not lazy and have read many books. Not looking for a free lunch or to have it laid out; I would like a sense of accomplishment but wouldn't mind some advice.

Thanks!

#8020 07/10/03 10:25 AM
Member (Joined: Jun 2002, Posts: 207)
IMO, if he's trying to make this in any way difficult, he's probably not using a password which you would find in a wordlist. But I don't get what you mean with your time constraints. Do you only have 10 min. from when you start brute forcing until you have to have edited the file?

Anyway, here are some links:

ftp://ftp.ox.ac.uk/pub/wordlists/
ftp://ftp.digital.com/pub/misc/stolfi-wordlists/
http://www.mirrors.wiretapped.net/security/host-security/wordlists/
//


Unbodied unsouled unheard unseen
Let the gift be grown in the time to call our own
Truth is natural like a wind that blows
Follow the direction no matter where it goes
Let the truth blow like a hurricane through me
#8021 07/10/03 10:41 AM
Junior Member (Joined: Jul 2003, Posts: 9)
Hi Gollum,
First, thanks. That's right, 10 min from the time I start. On the 1st hack with physical access, all we had to do was add our name to the hosts file. I'm allowed to use LANguard or any other vuln scanner to find hidden shares or whatever, but if I can find the pwd, the rest will be no problem. When I did it today with the wordlists I have, it only took 3-4 mins to run through a list. I don't have enough time to run through an entire dictionary; that's why I need a solid list.

I forgot to mention that the pwd won't be gibberish, only letters. He is making it somewhat easy and kinda playing the role of a dumb admin. Having said that, it looks like only 2 of us in the class are going to attempt it, and no one in his class has ever got in on the second attempt, because really we are only in our 3rd month and this is beyond where we need to be at this time. The third attempt, during the final exam, is going to be full security with firewall, disabled services and a really strong password.

Again, thanks for the links.

#8022 07/10/03 05:33 PM
Member (Joined: Jun 2002, Posts: 207)
Hmmm... every single person is gonna be different. Your best bet would be to find some common password wordlists and edit them to make them more suited for you and the hack: names of towns nearby, stuff that you might be working on in class, names of schools, mascots, etc. Even try learning about your prof himself. Wife's name? Dog? Hobbies? Etc. There is no "god-like wordlist", y'know? ::shrug:: That's about it.//

#8023 07/10/03 05:51 PM
Junior Member (Joined: Jul 2003, Posts: 9)
OK man, appreciate your help and advice! With a bit of luck I will hit on it. I am gonna try a huge wordlist tomorrow and see how long it will take, and if it's less than 9 mins I will do that. I can run several CMDs at once, so maybe if I break up the huge list and do it that way...? Myself and another student are trying to talk him into letting us tag-team the server, so who knows. At this point it's not even about the 10% bonus; I just want to do it for learning purposes (and the rush, LOL). If you have any suggestions or links for any other programs I could use for this hack, feel free.
Thanks very much
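The two practical ideas in this thread, a targeted wordlist built from local and personal terms (Gollum's reply) and a big list broken into pieces so several guessing processes can run in parallel inside the 10-minute window (the last post), fit into one small script. The example below is added here and is not code from the thread or from NAT; it only writes wordlist files, it does not talk to the server. It assumes the constraints the poster stated (6-9 characters, letters only) and the seed words are constructed placeholders, not data from the thread.

```python
"""Build a length-filtered, case-mangled wordlist from seed terms and split it
into chunks for parallel guessing runs.  Added example, not from the thread.

Assumptions (from the thread, not verified here): password is 6-9 characters,
letters only, no lockout, and the guessing tool reads one candidate per line.
"""
import itertools
import string

# Constructed seed words: the kind of local/personal terms the reply suggests
# collecting (town, mascot, course material, pet's name ...).  Placeholders only.
SEED_WORDS = ["Ottawa", "tigers", "Windows", "server", "golf", "Molly", "college", "mcse"]

MIN_LEN, MAX_LEN = 6, 9           # stated length range of the target password
ALPHA = set(string.ascii_letters)  # "only letters", per the poster


def mangle(word):
    """Yield the case variants a lazy admin would plausibly type."""
    base = word.strip()
    if not base:
        return
    yield base.lower()
    yield base.capitalize()
    yield base.upper()


def build_wordlist(seeds, min_len=MIN_LEN, max_len=MAX_LEN):
    """Return ordered, de-duplicated candidates: single seeds and two-seed
    concatenations (e.g. 'golftigers'), each in three case forms, keeping only
    those that satisfy the length and letters-only rules."""
    singles = [s for s in seeds if s.strip()]
    combos = itertools.chain(
        ((w,) for w in singles),
        itertools.permutations(singles, 2),
    )
    seen = set()
    candidates = []
    for parts in combos:
        joined = "".join(parts)
        for variant in mangle(joined):
            if not (min_len <= len(variant) <= max_len):
                continue            # outside the stated 6-9 range
            if not set(variant) <= ALPHA:
                continue            # contains digits/symbols, ruled out by the poster
            if variant in seen:
                continue            # duplicate, would waste a guess
            seen.add(variant)
            candidates.append(variant)
    return candidates


def split_chunks(words, n):
    """Deal words round-robin into n near-equal chunks, one per parallel
    guessing process, so the chunks finish at about the same time."""
    chunks = [[] for _ in range(n)]
    for i, w in enumerate(words):
        chunks[i % n].append(w)
    return chunks


def fits_budget(total_words, guesses_per_sec, budget_sec):
    """True if total_words can all be tried at guesses_per_sec within budget_sec.
    Measure guesses_per_sec yourself from a timed run; it is not a known constant."""
    return total_words / guesses_per_sec <= budget_sec


def write_chunks(chunks, prefix="wordlist_part"):
    """Write each chunk to prefix<i>.txt, one candidate per line."""
    for i, chunk in enumerate(chunks):
        with open(f"{prefix}{i}.txt", "w") as fh:
            fh.write("\n".join(chunk) + "\n")


if __name__ == "__main__":
    words = build_wordlist(SEED_WORDS)
    parts = split_chunks(words, 4)   # four parallel CMD windows, as the poster proposed
    write_chunks(parts)
    print(len(words), "candidates ->", [len(p) for p in parts], "per chunk")
```

Time the tool on one chunk first, then feed the measured rate into `fits_budget` to size the list; a list that cannot finish inside the window is worth trimming before the attempt rather than during it. Because there is no lockout, the only cost of a bad guess is time, which is why de-duplication and the length filter matter more than list size.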

