Title: Quick n Easy Domain account bruteforcer
Post by: seanuk on November 09, 2010, 01:22:08 PM
I thought you may be the best people to approach for an issue I have...
I look after around 200 small businesses and wanted to produce a script that I could use to quickly pull usernames from the server and crack them in a few simple clicks to demonstrate the dangers of weak passwords.
I came up with the following which I have posted to my blog.
this is working great for win2k/2003 domain controllers, but now seeing as many of my clients are moving over to server 2008 (sbs2008) I need to find a way of achieving the same results.
So far the only way I can get get it to pull down the usernames is to enter the domain admin credentials via the script-args.
There is very little, if no research out there for doing this so I am wondering if anyone can think of a way to make this work.
I am a bit of a begginner when it comes to programming, so I have used this opportunity to help me learn some bash scripting.
From the testing i've done it seems that it will not work with just a regular domain user/pass, ONLY the domain admin account.
There must be a way around this since domain users can join their pc's to the domain and then enumerate via net users /domain. (no domain admin account required)
thanks in advance.