The tool is designed as a password dictionary attack tool that targets windows authentication via the SMB protocol. It is really a wrapper script around the ‘smbclient’ binary, and as a result is dependent on it for its execution.
一个基于微软SMB协议的口令攻击工具,IPC共享攻击工具
常用端口为135,139
个人感觉该工具攻击的范围及能力有限,不过在特定情况下也可以发挥一定的作用
acccheck – Password dictionary attack tool for SMB
root@kali:~# acccheck
acccheck v0.2.1 - By Faiz
Description:
Attempts to connect to the IPC
andADMIN
shares depending on which flags have been
chosen, and tries a combination of usernames and passwords in the hope to identify
the password to a given account via a dictionary password guessing attack.
Usage = ./acccheck [optional]
-t [single host IP address]
OR
-T [file containing target ip address(es)]
Optional:
-p [single password]
-P [file containing passwords]
-u [single user]
-U [file containing usernames]
-v [verbose mode]
Examples
Attempt the ‘Administrator’ account with a [BLANK] password.
acccheck -t 10.10.10.1
Attempt all passwords in ‘password.txt’ against the ‘Administrator’ account.
acccheck -t 10.10.10.1 -P password.txt
Attempt all password in ‘password.txt’ against all users in ‘users.txt’.
acccehck -t 10.10.10.1 -U users.txt -P password.txt
Attempt a single password against a single user.
acccheck -t 10.10.10.1 -u administrator -p password
acccheck Usage Example
Scan the IP addresses contained in smb-ips.txt (-T) and use verbose output (-v):
root@kali:~# acccheck.pl -T smb-ips.txt -v
Host:192.168.1.201, Username:Administrator, Password:BLANK
707
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
