Password Guessing

Password guessing attacks are discussed here and in other sections of this study guide. Many times, password guessing is successful because people like to use easy-to-remember words and phrases. A diligent attacker will look for subtle clues throughout the enumeration process to key in on probable words or phrases the account holder may have used for a password. Accounts that will be focused on for possible attack include:

Accounts that haven't changed passwords

Service accounts

Shared accounts

Accounts that indicate the user has never logged in

Accounts that have information in the comment field that may compromise password security


Manual Password Guessing

Assuming that a vulnerable account has been identified, the most common method of attack is manual password guessing. The net use command can be issued from the command line to attempt the connection. An example is shown below:

C:\>net use * \\172.20.10.79\c$ * /u:administrator

Type the password for \\172.20.10.79\c$:

The command completed successfully

If you don't think manual password guessing works, check out the link below:
http://hig.beesecure.org/r005_password_guessing_works.html


Performing Automated Password Guessing

If manual password cracking was unsuccessful, attackers will most likely turn to automated tools. Most automated password guessing tools use dictionaries to try to crack accounts. These attacks can be automated from the command line by using the "FOR" command or they can also be attempted by using tools such as NAT or ENUM. To use NAT, two files would first need to be created. The first would contain a list of possible user names, while the second would comprise a dictionary file. Each user name would be attempted with every word in the dictionary until a match was achieved or all possibilities were exhausted.

The command line syntax for NAT is shown below:

C:\NAT
Usage: nat [-u userlist] [-p passlist]
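From the defender's side, the "every user name with every dictionary word" pattern described above leaves a burst of failed logons from one source against one account, sometimes ending in a success. The following is an added example, not part of the original study guide: it flags such bursts in logon records. The record layout, the threshold of 5 failures, the 5-minute window, and the sample hosts and accounts are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def detect_guessing(events, threshold=5, window=timedelta(minutes=5)):
    """events: iterable of (timestamp, source, account, success) tuples.
    Returns {(source, account): {"failures": n, "success_after_burst": bool}}
    for every pair that reached `threshold` failures inside `window`."""
    recent = defaultdict(list)   # (source, account) -> recent failure times
    findings = {}
    for ts, src, user, ok in sorted(events):
        key = (src, user.lower())            # Windows account names ignore case
        # Drop failures that have aged out of the sliding window.
        recent[key] = [t for t in recent[key] if ts - t <= window]
        if not ok:
            recent[key].append(ts)
        burst = len(recent[key])
        if burst >= threshold:
            prev = findings.get(key, {"failures": 0, "success_after_burst": False})
            findings[key] = {
                "failures": max(prev["failures"], burst),
                # A success right after a burst suggests the guess worked.
                "success_after_burst": prev["success_after_burst"] or ok,
            }
        if ok:
            recent[key].clear()              # a good logon resets the counter
    return findings

def build_sample():
    """Constructed records (not real logs): one host works through a wordlist
    against two accounts while a normal user mistypes a password once."""
    t0 = datetime(2024, 5, 1, 9, 0, 0)
    ev = [(t0 + timedelta(seconds=2 * i), "10.0.0.50", "administrator", False)
          for i in range(8)]
    ev.append((t0 + timedelta(seconds=16), "10.0.0.50", "administrator", True))
    ev += [(t0 + timedelta(seconds=20 + 2 * i), "10.0.0.50", "backup_svc", False)
           for i in range(6)]
    ev.append((t0 + timedelta(seconds=5), "10.0.0.21", "jsmith", False))
    ev.append((t0 + timedelta(seconds=12), "10.0.0.21", "jsmith", True))
    return ev

if __name__ == "__main__":
    for (src, user), info in detect_guessing(build_sample()).items():
        print(src, user, info)
```

A pair flagged with success_after_burst set is the case to triage first, since it means a logon succeeded from the same source immediately after the failures.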
