RidEnum包装说明
摆脱枚举是RID骑自行车的攻击,试图通过空会话和SID与RID枚举枚举用户帐户。如果您指定一个密码文件,它会自动尝试暴力破解用户帐户时,其完成枚举。
资料来源:https://github.com/trustedsec/ridenum
RidEnum首页 | 卡利RidEnum回购
- 作者:TrustedSec,LLC
- 许可:BSD
包含在ridenum包工具
ridenum - 空会话RID周期攻击工具
[email protected]:~# ridenum
.______ __ _______ _______ .__ __. __ __ .___ ___.
| _ \ | | | \ | ____|| \ | | | | | | | \/ |
| |_) | | | | .--. | | |__ | \| | | | | | | \ / |
| / | | | | | | | __| | . ` | | | | | | |\/| |
| |\ \----.| | | '--' | | |____ | |\ | | `--' | | | | |
| _| `._____||__| |_______/ _____|_______||__| \__| \______/ |__| |__|
|______|
Written by: David Kennedy (ReL1K)
Company: https://www.trustedsec.com
Twitter: @TrustedSec
Twitter: @Dave_ReL1K
Rid Enum is a RID cycling attack that attempts to enumerate user accounts through
null sessions and the SID to RID enum. If you specify a password file, it will
automatically attempt to brute force the user accounts when its finished enumerating.
- RID_ENUM is open source and uses all standard python libraries minus python-pexpect. -
You can also specify an already dumped username file, it needs to be in the DOMAINNAME\USERNAME
format.
Example: ./rid_enum.py 192.168.1.50 500 50000 /root/dict.txt
Usage: ./rid_enum.py <server_ip> <start_rid> <end_rid> <optional_password_file> <optional_username_filename>ridenum用法示例
连接到远程服务器(192.168.1.236)和周期从RID 500〜50000(500 50000),使用给定的密码文件(/tmp/passes.txt):
[email protected]:~# ridenum 192.168.1.236 500 50000 /tmp/passes.txt
[*] Attempting lsaquery first...This will enumerate the base domain SID
[*] Successfully enumerated base domain SID.. Moving on to extract via RID
[*] Enumerating user accounts.. This could take a little while.