RidEnum Package Description

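RidEnum is a RID cycling attack that attempts to enumerate user accounts through null sessions and SID-to-RID enumeration. If you specify a password file, it automatically attempts to brute-force the user accounts once enumeration finishes. Source: https://github.com/trustedsec/ridenum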

RidEnum Homepage | Kali RidEnum Repo

  • Author: TrustedSec, LLC
  • License: BSD

0x01 Tools included in the ridenum package

ridenum - Null session RID cycling attack tool

```bash
:~# ridenum

Written by: David Kennedy (ReL1K)
Company: https://www.trustedsec.com
Twitter: @TrustedSec
Twitter: @Dave_ReL1K

Rid Enum is a RID cycling attack that attempts to enumerate user accounts through null sessions and the SID to RID enum. If you specify a password file, it will automatically attempt to brute force the user accounts when its finished enumerating.

- RID_ENUM is open source and uses all standard python libraries minus python-pexpect. -

You can also specify an already dumped username file, it needs to be in the DOMAINNAME\USERNAME format.

Example: ./rid_enum.py 192.168.1.50 500 50000 /root/dict.txt

Usage: ./rid_enum.py
```

0x02 ridenum usage example

Connect to the remote server (192.168.1.236) and cycle through RIDs 500 to 50000 (500 50000), using the given password file (/tmp/passes.txt):

```bash
:~# ridenum 192.168.1.236 500 50000 /tmp/passes.txt
[*] Attempting lsaquery first...This will enumerate the base domain SID
[*] Successfully enumerated base domain SID.. Moving on to extract via RID
[*] Enumerating user accounts.. This could take a little while.
```
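
A defender-side view of the RID cycling shown above, as an added example that is not part of the original page or the RidEnum project: it flags any source that resolves a long run of consecutive RIDs under a single domain SID. The log format (one `source-ip SID` pair per line), the addresses, the domain SID and the `min_run` threshold are all constructed assumptions.

```python
import re
from collections import defaultdict

# Account SIDs issued by a domain or local machine: S-1-5-21-<a>-<b>-<c>-<RID>
DOMAIN_SID = re.compile(r"^(S-1-5-21-\d+-\d+-\d+)-(\d+)$")

def split_sid(sid):
    """Split an account SID into (base domain SID, RID); None if not a domain SID."""
    m = DOMAIN_SID.match(sid)
    return (m.group(1), int(m.group(2))) if m else None

def longest_run(rids):
    """Length of the longest run of consecutive integers in rids."""
    best = run = 0
    prev = None
    for rid in sorted(set(rids)):
        run = run + 1 if prev is not None and rid == prev + 1 else 1
        best = max(best, run)
        prev = rid
    return best

def find_rid_cycling(lines, min_run=10):
    """Return {(source, base_sid): run_length} for every source whose lookups
    cover at least min_run consecutive RIDs under one domain SID."""
    seen = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed records
        parsed = split_sid(parts[1])
        if parsed:
            seen[(parts[0], parsed[0])].append(parsed[1])
    hits = {}
    for key, rids in seen.items():
        run = longest_run(rids)
        if run >= min_run:
            hits[key] = run
    return hits

# Constructed sample in a hypothetical "source-ip SID" lookup log format.
BASE = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE = [f"10.0.0.7 {BASE}-{rid}" for rid in range(500, 531)]       # sequential sweep
SAMPLE += [f"10.0.0.9 {BASE}-{rid}" for rid in (512, 1104, 1350)]    # scattered lookups
SAMPLE += ["10.0.0.9 S-1-5-32-544", "garbage line here"]             # builtin SID, junk

if __name__ == "__main__":
    for (src, base), run in find_rid_cycling(SAMPLE).items():
        print(f"{src}: {run} consecutive RIDs looked up under {base}")
```
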

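Original source: https://www.hackfun.org/kali-tools/ridenum_zh.html. Please credit the original source when reposting; for commercial use, contact the original author for authorization.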
