Testing for unpassworded guest access on a Windows host.
ae0a78a2ffee51a1fc4961d64bbdfdaf<HTML>
<HEAD>
<TITLE>Test for Guest</TITLE>
</HEAD>
<BODY BGCOLOR="#ffffff" LINK="#0000ff">
<B><P ALIGN="CENTER">Test for Guest</P>
<FONT SIZE=2><P> </P>
<P> </P>
<P>What it does :</B> Test for Guest tests for an enabled guest account with no password set on it, on a number of (NT or Linux) machines in a given range of IP addresses eg 123.123.123.1 to 123.123.123.256. </P>
<P> </P>
<B><P>How it works :</B> NT has a hidden share IPC$. This is to allow connections from remote machines using some form of InterProcess Communication method. Test for Guest will try and make a connection to this IPC$ share on the target machine supplying t
he guest account with no password as the logon credentials.</P>
<P> </P>
<B><P>net use </B></FONT><B><FONT SIZE=3>\\123.123.123.123\ipc$</B></FONT></A><B><FONT SIZE=2> "" /user:guest</P>
<P> </P>
</B><P>Incidently you can connect to the IPC$ share in a null session, that is without supplying any credentials. You use the following command to do so :</P>
<P> </P>
<B><P>net use </B></FONT><B><FONT SIZE=3>\\123.123.123.123\ipc$</B></FONT></A><B><FONT SIZE=2> "" /user:""</P>
</B><P> </P>
<B><P>Running it</B> : You need the Perl 5 script interpreter and Windows NT (maybe it’ll run on 95) to run this. From a command prompt run: </P>
<P> </P>
<B><P>c:\perl5\bin>perl test4gst.pl</P>
</B><P> </P>
<P>You’ll be prompted for a network address (that is the first 3 bytes of an IP address as if it were a class C network.) eg 123.123.123 . Test for Guest will then try the guest account starting with 123.123.123.1, then 123.123.123.2 and so on upto 123.1
23.123.255. Depending on the speed of your modem it will take around 250 mins to test 255 machines.</P>
<P> </P>
<P>What you’re looking for is the response : "The command completed successfully." This means the Guest account is enabled and has no password on it so you now know a valid NT account and its password for that machine. Below I’ve listed some e
rrors that may occur and what they mean</P>
<P> </P>
<B><P>System error 53 has occurred.</P>
<P>The network path could not be found.</P>
</B><P>Either the host is unreachable or there is no IPC$ share on the machine.</P>
<P> </P>
<B><P>System error 1326 has occurred.</P>
<P>Logon failure : Unknown username or bad password</P>
</B><P> </P>
<B><P>System error 1331 has occurred.</P>
<P>Logon failure : account currently disabled.</P>
</B><P>The guest account has not been enabled by the admin.</P>
<P> </P>
<B><P>System error 1909 has occurred.</P>
<P>The referenced account is currently locked out and may not be logged on to.</P>
</B><P>This is a good response. You know the account is enabled, it is just temporarily locked out. Try again later.</P>
<P> </P>
<B><P>System error 1240 has occurred.</P>
<P>The account is not authorized to login from this station.</P>
</B><P>This response will probably be from a LINUX machine that only authorizes the guest account to log on from machines with certain IP addresses.</P>
<P> </P>
<P>How to get it : <A HREF="test4gst.txt">Click here</a>. This will take you to test4gst.txt. Cut and paste into notepad and save as test4gst.pl. Unfortunately if I put it up as test4gst.pl this server will send down in one long line.</P>
<P> </P>
<P> </P></FONT></BODY>
</HTML>
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!