[nexpose-users] FW: Custom Checks for Microsoft AD Account access
Rowland Johnson
rjohnson at nettitude.com
Mon Mar 22 15:27:25 PDT 2010
Hi there
I have read the previous posts, and can see a number of threads around custom check for account/password enumeration.
I was wondering if someone might be able to help provide some guidance on a custom check that tests usernames extracted from AD, against a small list of passwords. For instance, as part of a test, I might be able to enumerate 50 usernames, such as fbloggs, sjones, mpatterson etc. from AD. It would be really helpful if I could devise a check to provide a default password test against each of these accounts with a password of 'password1', or 'customer' as the password.
As an alternative - would it be able to generate a password file to send? The intent, is not to bruteforce the passwords, but rather to do a very simple check against 1 or 2 passwords that aren't the default of <blank> or <password>
Any pointers that can be provided will be greatly received.
Thanks....Nettitude
______________________________________________________________________
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager.
This footnote also confirms that this email message has been swept by a content checking tool for the presence of computer viruses.
Nettitude Limited is a Company registered in England
Registered Address
Nettitude Limited, Fosse House, Fosse Way, Leamington Spa, Warwickshire, CV31 1XG
Company Registration Number: 4705154
VAT Number: 812 4539 44
www.nettitude.com
______________________________________________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.metasploit.com/pipermail/nexpose-users/attachments/20100322/9affda77/attachment.html>
More information about the nexpose-users
mailing list