[unisog] IRC bot outbreaks

Phil.Rodrigues at uconn.edu Phil.Rodrigues at uconn.edu
Wed Jul 31 18:15:50 GMT 2002

"Q: What tools are you using to scan for blank administrative passwords?"

Nessus is what we use for large scans, specifically using the 
/Windows/"SMB Log in" and the /Windows/"Using NetBIOS to retrieve info" 
plugins.  Sometimes we pre-scan for Windows shares with nmap, then pump 
that list into Nessus, or we just let Nessus scan our whole range (which 
feels slower to me for some reason).  It looks for username/password 
combos of Administrator/<blank>, Administrator/administrator, 
Guest/<blank>, and Guest/guest.

For single-client scans I have been using NBTEnum, which is a command-line 
or GUI tool that runs on Windows:


It tries all of the accounts on the computer for <blank> and 
<same-as-username> as a password, and even allows you to bypass the 
RestrictAnonymous setting in some cases.

I have dreams of configuring Nessus to look for Windows boxes, enumerate 
all the accounts it finds, look for any in the Administrators group, then 
try <blank> and <same-as-username> passwords for them, but I have not done 
it yet.  Blank or weak administrative passwords on Windows computers 
continue to be our largest security issue over the last few months.  Once 
we finally block Windows Networking from across our Internet connection I 
hope it dies down some. ;-)


PS - I got both of these tools from suggestions on this list - thanks!

Philip A. Rodrigues
Network Analyst, UITS
University of Connecticut

email: phil.rodrigues at uconn.edu
phone: 860.486.3743
fax: 860.486.6580
web: http://www.security.uconn.edu

More information about the unisog mailing list