Acccheck Attempts to connect to the IPC and ADMIN shares depending on which flags have been chosen, and tries a combination of usernames and passwords in the hope to identify the password to a given account via a dictionary password guessing attack. this tool is designed as a password dictionary attack tool that targets windows authentication via the SMB protocol. It is really a wrapper script around the ‘smbclient’ binary, and as a result is dependent on it for its execution. only use -v mode on very small dictionaries, otherwise, this has the affect of slowing the scan down to the rate the system writes to standard out.
The simplest way to run acccheck is as follows:
This mode of execution attempts to connect to the target ADMIN share with the username ‘Administrator’ and a [BLANK] for the password.
This mode of execution attempts to connect to the target IPC share with the username ‘test’ and a password‘test’.
Each -t, -u and -p flags can be substituted by -T, -U and -P, where each represents an input file rather than a single input from standard in.
acccheck -T iplist -U userfile -P passwordfile
Only use -v mode on very small dictionaries, otherwise, this has the affect of slowing the scan down to the rate the system writes to standard out.
Any username/password combinations found are written to a file called ‘cracked’ in the working directory.
Options:
-t [single host IP address]
OR
-T [file containing target ip address(es)]
Optional:
-p [single password]
-P [file containing passwords]
-u [single user]
-U [file containing usernames]
-v [verbose mode]
Examples:
Attempt the ‘Administrator’ account with a [BLANK] password.
acccheck.pl -t 10.10.10.1
Attempt all passwords in ‘password.txt’ against the ‘Administrator’ account.
acccheck.pl -t 10.10.10.1 -P password.txt
Attempt all password in ‘password.txt’ against all users in ‘users.txt’.
acccehck.pl -t 10.10.10.1 -U users.txt -P password.txt
Attempt a single password against a single user.
acccheck.pl -t 10.10.10.1 -u administrator -p password
Disclaimer – Our tutorials are designed to aid aspiring pen testers/security enthusiasts in learning new skills, we only recommend that you test this tutorial on a system that belongs to YOU. We do not accept responsibility for anyone who thinks it’s a good idea to try to use this to attempt to hack systems that do not belong to you
The simplest way to run acccheck is as follows:
This mode of execution attempts to connect to the target ADMIN share with the username ‘Administrator’ and a [BLANK] for the password.
This mode of execution attempts to connect to the target IPC share with the username ‘test’ and a password‘test’.
Each -t, -u and -p flags can be substituted by -T, -U and -P, where each represents an input file rather than a single input from standard in.
acccheck -T iplist -U userfile -P passwordfile
Only use -v mode on very small dictionaries, otherwise, this has the affect of slowing the scan down to the rate the system writes to standard out.
Any username/password combinations found are written to a file called ‘cracked’ in the working directory.
Options:
-t [single host IP address]
OR
-T [file containing target ip address(es)]
Optional:
-p [single password]
-P [file containing passwords]
-u [single user]
-U [file containing usernames]
-v [verbose mode]
Examples:
Attempt the ‘Administrator’ account with a [BLANK] password.
acccheck.pl -t 10.10.10.1
Attempt all passwords in ‘password.txt’ against the ‘Administrator’ account.
acccheck.pl -t 10.10.10.1 -P password.txt
Attempt all password in ‘password.txt’ against all users in ‘users.txt’.
acccehck.pl -t 10.10.10.1 -U users.txt -P password.txt
Attempt a single password against a single user.
acccheck.pl -t 10.10.10.1 -u administrator -p password
Disclaimer – Our tutorials are designed to aid aspiring pen testers/security enthusiasts in learning new skills, we only recommend that you test this tutorial on a system that belongs to YOU. We do not accept responsibility for anyone who thinks it’s a good idea to try to use this to attempt to hack systems that do not belong to you
No comments