ridenum's Introduction

RID_ENUM - A simple open source method for performing null session brute forces

Written by: David Kennedy (ReL1K)
Twitter: @HackingDave and @TrustedSec
Website: https://www.trustedsec.com

.______       __   _______         _______ .__   __.  __    __  .___  ___.
|   _  \     |  | |       \       |   ____||  \ |  | |  |  |  | |   \/   |
|  |_)  |    |  | |  .--.  |      |  |__   |   \|  | |  |  |  | |  \  /  |
|      /     |  | |  |  |  |      |   __|  |  . `  | |  |  |  | |  |\/|  |
|  |\  \----.|  | |  '--'  |      |  |____ |  |\   | |  `--'  | |  |  |  |
| _| `._____||__| |_______/  _____|_______||__| \__|  \______/  |__|  |__|
                            |______|

Written by: David Kennedy (ReL1K)
Company: https://www.trustedsec.com
Twitter: @TrustedSec
Twitter: @HackingDave

Rid Enum is a RID cycling attack that attempts to enumerate user accounts through
null sessions and the SID to RID enum. If you specify a password file, it will
automatically attempt to brute force the user accounts when its finished enumerating.

- RIDENUM is open source and uses all standard python libraries minus python-pexpect. -

You can also specify an already dumped username file, it needs to be in the DOMAINNAME\USERNAME
format.

Example: ./ridenum.py 192.168.1.50 500 50000 /root/dict.txt /root/user.txt

Usage: ./ridenum.py <server_ip> <start_rid> <end_rid> <optional_username> <optional_password> <optional_password_file> <optional_username_filename>

ridenum's Issues

Doesn't work Win2k3 SP2

[*] Attempting lsaquery first...This will enumerate the base domain SID
[*] Successfully enumerated base domain SID. Printing information: 
WARNING: Ignoring invalid value 'share' for parameter 'security'
Domain Name: AKADEMY
Domain Sid: S-1-5-21-2438782293-141090059-481046929
[*] Moving on to extract via RID cycling attack.. 
[*] Enumerating user accounts.. This could take a little while.
[*] RID_ENUM has finished enumerating user accounts...

but enum4linux is fine:

 ========================================================================= 
|    Users on 192.168.72.141 via RID cycling (RIDS: 500-550,1000-1050)    |
 ========================================================================= 
[I] Found new SID: S-1-5-21-2438782293-141090059-481046929
[+] Enumerating users using SID S-1-5-21-2438782293-141090059-481046929 and logon username '', password ''
S-1-5-21-2438782293-141090059-481046929-500 AKADEMY\Administrator (Local User)
S-1-5-21-2438782293-141090059-481046929-501 AKADEMY\Guest (Local User)
S-1-5-21-2438782293-141090059-481046929-502 AKADEMY\krbtgt (Local User)

Hello,
It would be great to make a tagged release in git. In kali we have tools that monitors web pages listing release, and it works well with github pages showing git tags. If you make a tagged release we will be automatically informed and we will update the package quickly.
Thanks

Special Charackter error

The script throws an error when Usernames with special charackters like ö,ä,ü are parsed. The whole process int stopped and following exception is thrown:

Traceback (most recent call last):
File "ridenum.py", line 247, in
filewrite.write(name + "\n")
UnicodeEncodeError: 'ascii' codec can't encode character u'\xfc' in position 19: ordinal not in range(128)

Recommend Projects

trustedsec / ridenum Goto Github PK

ridenum's Introduction

RID_ENUM - A simple open source method for performing null session brute forces

ridenum's People

Contributors

Stargazers

Watchers

Forkers

ridenum's Issues

Doesn't work Win2k3 SP2

Release and tag

Special Charackter error

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent

Jobs