From 52c04cdec6ddd7772bc65cc8b2084b74de3e8fc0 Mon Sep 17 00:00:00 2001
From: Will Pennell
Date: Sun, 30 Mar 2014 15:14:53 -0400
Subject: [PATCH] Resolving issue #14 added two tools, acccheck and nbtscan, and corrected a typo in the link for zenmap.

---
 infogathering/index.md | 2 +-
 tools/acccheck.md | 46 +++++++++++++++++++++++++++++++
 tools/nbtscan.md | 62 ++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 109 insertions(+), 1 deletion(-)
 create mode 100644 tools/acccheck.md
 create mode 100644 tools/nbtscan.md

diff --git a/infogathering/index.md b/infogathering/index.md
index 562b99b..91779f9 100644
--- a/infogathering/index.md
+++ b/infogathering/index.md
@@ -111,7 +111,7 @@ SMB Analysis
  * [acccheck](../tools/acccheck.md)
  * [nbtscan](../tools/nbtscan.md)
  * [nmap](../tools/nmap.md)
- * [zenmap](../tools.zenmap.md)
+ * [zenmap](../tools/zenmap.md)
 
 SMTP Analysis
 ------------
diff --git a/tools/acccheck.md b/tools/acccheck.md
new file mode 100644
index 0000000..d7de63d
--- /dev/null
+++ b/tools/acccheck.md
@@ -0,0 +1,46 @@
+# acccheck
+
+Notes
+-------
+
+Help Text
+-------
+```
+acccheck.pl v0.2.1 - By Faiz
+
+Description:
+Attempts to connect to the IPC$ and ADMIN$ shares depending on which flags have been
+chosen, and tries a combination of usernames and passwords in the hope to identify
+the password to a given account via a dictionary password guessing attack.
+
+Usage = ./acccheck.pl [optional]
+
+ -t [single host IP address]
+ OR
+ -T [file containing target ip address(es)]
+
+Optional:
+ -p [single password]
+ -P [file containing passwords]
+ -u [single user]
+ -U [file containing usernames]
+ -v [verbose mode]
+
+Examples
+Attempt the 'Administrator' account with a [BLANK] password.
+ acccheck.pl -t 10.10.10.1
+Attempt all passwords in 'password.txt' against the 'Administrator' account.
+ acccheck.pl -t 10.10.10.1 -P password.txt
+Attempt all password in 'password.txt' against all users in 'users.txt'.
+ acccehck.pl -t 10.10.10.1 -U users.txt -P password.txt
+Attempt a single password against a single user.
+ acccheck.pl -t 10.10.10.1 -u administrator -p password
+
+```
+
+Example Usage
+-------
+
+Links
+-------
+
diff --git a/tools/nbtscan.md b/tools/nbtscan.md
new file mode 100644
index 0000000..4af2a39
--- /dev/null
+++ b/tools/nbtscan.md
@@ -0,0 +1,62 @@
+# nbtscan
+
+Notes
+-------
+
+Help Text
+-------
+```
+"Human-readable service names" (-h) option cannot be used without verbose (-v) option.
+Usage:
+nbtscan [-v] [-d] [-e] [-l] [-t timeout] [-b bandwidth] [-r] [-q] [-s separator] [-m retransmits] (-f filename)|()
+ -v verbose output. Print all names received
+ from each host
+ -d dump packets. Print whole packet contents.
+ -e Format output in /etc/hosts format.
+ -l Format output in lmhosts format.
+ Cannot be used with -v, -s or -h options.
+ -t timeout wait timeout milliseconds for response.
+ Default 1000.
+ -b bandwidth Output throttling. Slow down output
+ so that it uses no more that bandwidth bps.
+ Useful on slow links, so that ougoing queries
+ don't get dropped.
+ -r use local port 137 for scans. Win95 boxes
+ respond to this only.
+ You need to be root to use this option on Unix.
+ -q Suppress banners and error messages,
+ -s separator Script-friendly output. Don't print
+ column and record headers, separate fields with separator.
+ -h Print human-readable names for services.
+ Can only be used with -v option.
+ -m retransmits Number of retransmits. Default 0.
+ -f filename Take IP addresses to scan from file filename.
+ -f - makes nbtscan take IP addresses from stdin.
+ what to scan. Can either be single IP
+ like 192.168.1.1 or
+ range of addresses in one of two forms:
+ xxx.xxx.xxx.xxx/xx or xxx.xxx.xxx.xxx-xxx.
+Examples:
+ nbtscan -r 192.168.1.0/24
+ Scans the whole C-class network.
+ nbtscan 192.168.1.25-137
+ Scans a range from 192.168.1.25 to 192.168.1.137
+ nbtscan -v -s : 192.168.1.0/24
+ Scans C-class network. Prints results in script-friendly
+ format using colon as field separator.
+ Produces output like that:
+ 192.168.0.1:NT_SERVER:00U
+ 192.168.0.1:MY_DOMAIN:00G
+ 192.168.0.1:ADMINISTRATOR:03U
+ 192.168.0.2:OTHER_BOX:00U
+ ...
+ nbtscan -f iplist
+ Scans IP addresses specified in file iplist.
+```
+
+Example Usage
+-------
+
+Links
+-------
+