From: Wayne Dawson (Wayne_Dawson@inventuresolutions.com)
Date: Thu Sep 07 2006 - 11:59:58 EDT
Not sure, but what happens when you use the normal windows rdp client,
mstsc.exe, to connect using the same user/password. Does that work?
Just eliminating things...
-----Original Message-----
From: jetzmaru [mailto:chrys.thorsen@comcast.net]
Sent: Monday, September 04, 2006 12:36 PM
To: pen-test@securityfocus.com
Subject: Re: brute-force with tsgrinder
I'm having the same problem as Nicholas. The computer is in a
workgroup, so I put the machine name in as domain. The correct password
still fails. I only put in the username, using -d to put in the
computer name: tsgrinder -w passlist.txt -d testxp -u chrys -b -n 2
192.168.0.2
Please help! Thanks so much!
Nicholas Fanelli wrote:
>
> For those of you who are familiar with TSGRINDER, I would appreciate
> your help.
>
>
>
> I having trouble compromising my remote machines. The target devices
> are on a domain. I have the username (Local\Administrator) and typed
> the current password into the dictionary file (Wordlist.txt). Then
> open a cmd-line, browse to my executable and type the following
string:
>
>
>
> tsgrinder.exe -w wordlist.txt -b -n 1 -D 8 192.168.x.x
>
>
>
> A RDP session opens and attempts the passwords within my dictionary
> (the correct password is third down on my list) but when it trys the
> right password it responds with a "Failed"??
>
>
>
> I checked the local administrator account to verify it was not locked
out.
> Not sure what else to try??
>
>
>
> Any help is appreciated!
>
> ----------------------------------------------------------------------
> --
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
> http://www.cenzic.com/products_services/download_hailstorm.php
> ----------------------------------------------------------------------
> --
>
>
>
-- View this message in context: http://www.nabble.com/brute-force-with-tsgrinder-tf2129274.html#a6140801 Sent from the Penetration Testing forum at Nabble.com. ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php ------------------------------------------------------------------------ This email and any files transmitted with it are confidential and intended solely for the use of the individual to whom they are addressed. If you have received this email in error, please delete this email from your system. ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php ------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:55 EDT