Saturday, 11 February 2017

acccheck

This tool is designed as a password dictionary attack tool, that targets Windows Authentication via SMB protocol. It's a wrapper script around 'smbclient' binary and as a result is dependent on it for its execution.

Server Message Block (SMB) Protocol is a network file sharing protocol and as implemented in Microsoft Windows is known as Microsoft SMB Protocol. The set of message packets that defines a particular version of the protocol is called a dialect. The Common Internet File System (CIFS) Protocol is a dialect of SMB. Both SMB and CIFS are also available on VMS, several versions of Unix, and other operating systems.

SMB can run on top of the Session Layer:
Directly over TCP, port 445;
Via the NetBIOS API, which in turn can run on several transports;
On UDP ports 137, 138 & TCP ports 137, 139 (NetBIOS over TCP/IP);
On several legacy protocols such as NBF (incorrectly referred to as NetBEUI).
The SMB “Inter-Process Communication” (IPC) system provides named pipes and was one of the first inter-process mechanisms commonly available to programmers that provides a means for services to inherit the authentication carried out when a client first connected to an SMB server.


The simplest way to run acccheck is a follows:

1. ./acccheck 198.168.10.1 
This mode of execution attempts to connect to the target ADMIN share with the username ‘Administrator’ and a [BLANK] for the password.

1. ./acccheck.pl -t 192.168.10.1 -u test -p test
This mode of execution attempts to connect to the target IPC share with the username ‘test’ and a password ‘test’.

Each -t, -u and -p flags can be substituted by -T, -U and -P, where each represents an input file rather than a single input from standard in.

E.g.
1. ./acccheck.pl -T iplist -U userfile -P passwordfile
Only use -v mode on very small dictionaries, otherwise, this has the affect of slowing the scan down to the rate the system writes to standard out.

Any username/password combinations found are written to a file called ‘cracked’ in the working directory.