Bruter :: SMB
The SMB module tests accounts against an SMB service.
The result from this module may contain a "note". The possible notes are described below:
- Not granted - The user has not been granted the requested logon type at this computer.
- PWD change - The user's password must be changed before logging on the first time.
- Disabled - The account is currently disabled.
- Logon wksta - The account is not authorized to log on to the target.
- Logon hour - Attempting to log in during an unauthorized time of day for this account.
- PWD expired - The specified account password has expired.
- ACC expired - The specified account has expired.
Remark: Make sure the target does not have an account lockout policy enabled. Otherwise, you might cause a
Denial-of-Service (DoS) on the target system by locking out all the tested accounts.
Remark: Do not set the "Connections" value too high. It can cause CPU usage on the target to reach 100%.
Note: "Max Attempt/Connection" can be set to 0.
Note: When ace1 tested against Windows 7 with a "Connections" value of 15, the pwd/sec was more than 10000.
Do not expect to get the same speed as him. The speed depends on many factors (network latency,
target OS, target hardware, target configuration, ...)
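The notes above can be read from the defender's side of the same logons. This added example (not part of Bruter or its documentation) triages failed-logon records per source address and labels the accounts that failed with one of the note statuses or were locked out. The pairing of notes to NTSTATUS sub-status values, the record layout, the threshold and the sample events are assumptions of the example.

```python
from collections import defaultdict

# NTSTATUS values logged as SubStatus in Security event 4625, matched by
# description to the notes above (the pairing is this example's assumption).
NOTE_BY_SUBSTATUS = {
    0xC000015B: "Not granted",
    0xC0000224: "PWD change",
    0xC0000072: "Disabled",
    0xC0000070: "Logon wksta",
    0xC000006F: "Logon hour",
    0xC0000071: "PWD expired",
    0xC0000193: "ACC expired",
}
LOCKED_OUT = 0xC0000234  # STATUS_ACCOUNT_LOCKED_OUT

# Constructed sample: (source address, account, SubStatus) from 4625 events.
SAMPLE_EVENTS = [
    ("192.0.2.50", "alice", "0xC000006A"),
    ("192.0.2.50", "alice", "0xC000006A"),
    ("192.0.2.50", "bob", "0xC000006A"),
    ("192.0.2.50", "svc_backup", "0xC0000072"),
    ("192.0.2.50", "carol", "0xC0000071"),
    ("192.0.2.50", "dave", "0xC000006A"),
    ("192.0.2.50", "dave", "0xC0000234"),
    ("198.51.100.7", "erin", "0xC000006A"),  # single mistyped password
]

def triage(events, min_failures=5):
    """Summarise failed logons per source; keep sources at or above min_failures."""
    per_src = defaultdict(
        lambda: {"failures": 0, "accounts": set(), "noted": {}, "locked": set()}
    )
    for src, account, substatus in events:
        status = int(substatus, 16)  # event XML carries the value as "0x..."
        entry = per_src[src]
        user = account.lower()
        entry["failures"] += 1
        entry["accounts"].add(user)
        if status in NOTE_BY_SUBSTATUS:
            entry["noted"][user] = NOTE_BY_SUBSTATUS[status]
        elif status == LOCKED_OUT:
            entry["locked"].add(user)
    return {s: e for s, e in per_src.items() if e["failures"] >= min_failures}

if __name__ == "__main__":
    for src, e in triage(SAMPLE_EVENTS).items():
        print(src, e["failures"], "failures,", len(e["accounts"]), "accounts")
        print("  review:", e["noted"], "locked out:", sorted(e["locked"]))
```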
Option(s)
- Authen Type: The SMB authentication type.
  - LM: In this type, passwords are case insensitive. "PasSWorD", "password" and "PASSWORD" (and ...) are the same password.
    Remark: The error codes (from a server) for this authentication type are not the same as for the other authentication types.
    - "Not granted" will be wrong password
    - "ACC expired" will be "Disabled"
    - "PWD change" will be "PWD expired"
    - Locked out will be wrong password
    Remark: If the LM hash is not stored or LM authentication is refused by policy, the result will be the same as
    a wrong password.
  - NTLM: Use NTLM response for authentication.
    Remark: If NTLM authentication is refused by policy, the result will be the same as a wrong password.
  - LMv2: Use LMv2 response for authentication. This type can be used when the server accepts only NTLMv2 response.
  - NTLMv2: Use NTLMv2 response for authentication.
    Remark: Windows Vista/2008/7 returns INVALID_PARAMETER error code.
- Try Domain: This option is useful when a target is a "Domain member". The Workgroup/Domain value in
  the packet depends on this option.
  - Local First: This makes the Workgroup/Domain value blank. The target checks the credentials
    locally. If the username does not exist, then the target checks the credentials on its domain controller.
  - Domain First: This sets the Workgroup/Domain value to the target's domain name. The target checks
    the credentials on its domain controller. If the username does not exist, then the target checks the credentials locally.
  - Local Only: This sets the Workgroup/Domain value to the target's computer name. The target only checks
    the credentials locally.
  Note: LM authentication does not have a Workgroup/Domain field. If you select it, the testing will be the same as "Local First".
- Over NetBIOS: If this option is checked, SMB data will be sent over "NetBIOS over TCP" (NetBT).