Notice 1: We are excited to announce that our current tool has been ported to a PowerShell version. This means that users can now access and use the tool directly from the PowerShell command line, making it even more convenient and efficient to use. We believe that this new version will greatly benefit our users and enhance their experience with the tool. Thank you for your continued support and we hope you enjoy the new PowerShell version:

Notice 2: We have recently learned that Microsoft has enabled the account lockout policy by default in modern and up-to-date versions of Windows. This policy helps to secure the system by locking an account after a certain number of failed login attempts. While this is a beneficial security measure, it renders the proof-of-concept (PoC) inefficient on these systems.

Target: Windows XP to Latest Windows 10 Version (1909)

Weakness location : LogonUserA, LogonUserW, CreateProcessWithLogonA, CreateProcessWithLogonW

Usage

Wordlist File

Type | WinBruteLogon.exe -u -

Introduction

Win Brute Logon is designed to simulate a brute-force attack on a Microsoft account by guessing large numbers of password combinations in a short amount of time. This allows pentesters to test the security posture of their systems and assess their defenses against brute-force attacks.

The tool exploits the lack of an account lockout mechanism, which is a common weakness in many systems (before account lockout becomes enabled by default on Windows 11). By attempting to guess the password of an account, the tool can help pentesters identify and address vulnerabilities in their security measures. It should be used responsibly and within the bounds of the law.

PoC Test Scenario (With a Guest Account)

For this demonstration, we will set up a fresh version of Windows 10 on a virtual or physical machine. Once the machine is set up, log in as an administrator. Next, create two different local accounts: one administrator account and one regular user account.

Please note that although we will be using the guest account for the demo, this proof-of-concept (PoC) is not limited to the guest account. It can be used from any account or group, including guest, regular user, and admin user.

Net user darkcodersc trousers (trousers is the password)
Net localgroup administrators darkcodersc /add

Create a regular user

Net user HackMe ozlq6qwm (ozlq6qwm is the password)

Create a new Guest account

Net localgroup guests GuestUser /add

Get a Wordlist

In my case both trousers and ozlq6qwm are in SecList :

Start the attack

To begin the demonstration, log off from the administrator account or restart the machine and log in to the guest account. Then, place the PoC executable in a location where you have access as a guest user.

-v is optional; it enables verbose mode.

By default, the domain name is the value designated by the %USERDOMAIN% env var. You can specify a custom name with option -d

Crack First User : darkcodersc (Administrator)

Prompt(guest)> WinBruteLogon.exe -v -u darkcodersc -w 10k-most-common.txt

Wait a few seconds to see the following result:

Load 10k-most-common.txt file in memory.
New "TWorker" Thread created with id=5748, handle=336
New "TWorker" Thread created with id=4948, handle=140
Password for username= and domain= found =
"TWorkers"(id=5748, handle=336) Thread successfully terminated.
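On a host without account lockout, the guessing described above still shows up in the Security log as a burst of failed logons against one account, often ending in a success. The following detector is an added example, not part of the tool or the original page; it assumes logon auditing is enabled, uses the standard Windows event IDs 4625 (failed logon) and 4624 (successful logon), runs over constructed sample events, and its threshold and window values are assumptions to tune.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED, SUCCESS = 4625, 4624  # Windows Security log event IDs
T0 = datetime(2024, 1, 1, 10, 0, 0)  # constructed start time


def make_sample():
    """Constructed events: (timestamp, event_id, target_account)."""
    # 40 failures against one account in under 4 s, then a success.
    ev = [(T0 + timedelta(milliseconds=100 * i), FAILED, "darkcodersc")
          for i in range(40)]
    ev.append((T0 + timedelta(seconds=4), SUCCESS, "darkcodersc"))
    # Background noise: a user mistypes a password twice, then logs in.
    ev += [(T0 + timedelta(minutes=5, seconds=s), FAILED, "HackMe")
           for s in (0, 20)]
    ev.append((T0 + timedelta(minutes=6), SUCCESS, "HackMe"))
    return sorted(ev)


def detect(events, threshold=10, window=timedelta(minutes=10),
           follow=timedelta(minutes=1)):
    """Flag accounts with >= threshold failures inside a sliding window.

    'success_after_burst' is set when a flagged account logs on
    successfully within `follow` of its last failure, which suggests
    a guess may have worked and the password should be rotated.
    """
    recent = defaultdict(deque)  # account -> failure timestamps in window
    last_fail, alerts = {}, {}
    for ts, event_id, account in events:
        if event_id == FAILED:
            q = recent[account]
            q.append(ts)
            while ts - q[0] > window:  # drop failures older than window
                q.popleft()
            last_fail[account] = ts
            if len(q) >= threshold:
                a = alerts.setdefault(account, {
                    "first_alert": ts, "failures": 0,
                    "success_after_burst": False})
                a["failures"] = max(a["failures"], len(q))
        elif event_id == SUCCESS and account in alerts:
            if ts - last_fail[account] <= follow:
                alerts[account]["success_after_burst"] = True
    return alerts


if __name__ == "__main__":
    for account, info in detect(make_sample()).items():
        print(account, info)
```

The two mistyped passwords for HackMe stay below the threshold, so only the burst against darkcodersc is reported.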