Hacking Tool: John the Ripper: Crack Password

Re: Hacking Tool: John the Ripper

• It is a command line tool designed to crack both Unix and NT passwords. John is extremely fast and free
• The resulting passwords are case insensitive and may not represent the real mixed-case password.

John the Ripper is a fast password cracker, currently available for many flavors of UNIX (11 are officially supported), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak UNIX passwords. John the Ripper is a part of Owl, Debian GNU/Linux, SuSE, very recent versions of Mandrake Linux, and EnGarde Linux. It is in the ports/packages collections of FreeBSD, NetBSD, and OpenBSD.

John the Ripper is designed to be both powerful and fast. It combines several cracking modes in one program, and is fully configurable for specific needs. As John is available for different platforms, the attacker can use the same cracker everywhere and even continue a cracking session started on a different platform. It supports several cryptographic password hash types most commonly found on various UNIX flavors. Supported out of the box are Kerberos AFS and Windows NT/2000/XP LM hashes, plus several more with contributed patches.

Out of the box, John supports (and auto detects) the following ciphertext formats: standard and double-length DES-based, BSDI's extended DES-based, FreeBSD's MD5-based, and OpenBSD's Blowfish-based. With just one additional command (required to extract the passwords), John can crack AFS passwords and WinNT LM hashes. John has highly optimized modules for different ciphertext formats and architectures. Some of the algorithms used - such as bitslice DES - require a more powerful interface. Additionally, there are assembly routines for several processors and architectures (special Intel Pentium version, x86 with MMX, generic x86, Alpha EV4, SPARC V8).

However, the resulting passwords are case insensitive and may not represent the real mixed-case password. Indeed, this is a small hindrance to a determined patient attacker.

for more :http://hackguide4u.blogspot.com/search/label/Password%20Cracking

Hack Into Administrator Account

any Password..

3. Hacking admin account using ERD commander (100% working hack)

This hack has no restrictions , using this hack you can hack each and every computer.

First of all Download the ERD(Emergency Rescue Disk)  commander... Extract the Files and Make a CD...

DOWNLOAD

STEPS INVOLVED :

1. Insert the ERD Commander Boot CD into the drive and restart the system
2. Boot the computer using ERD Commander Boot CD. You may have to set the boot order in the BIOS first.
3. Select your Windows XP installation from the list as shown.

4. From the ERD Commander menu (Start menu), click System Tools and click Locksmith

5. Click Next

6. Select the administrator account from the list for which you want to reset the password.

7. Type the new password in both the boxes, click Next and click Finish

8 . Restart The System and take the CD out of the Drive..And Enjoy Admin account...

Method 4: Resetting windows password using Ubuntu Live CD or DVD

For this hack you will require the Ubuntu Live CD.

Steps involved :

1. Insert Ubuntu Live CD and boot from it.
2. Open terminal and install chntpw in Ubuntu. To do so use the following commands.

   sudo apt-get update
   sudo apt-get install chntpw

3. Now mount your Windows volume. In my case it was dev/sda1. Replace it with yours.

   sudo mkdir /media/WINDOWS
   sudo mount /dev/sda1 /media/WINDOWS

4. Now navigate to the Windows configuration folder.

   cd /media/WINDOWS/WINDOWS/system32/config/

5. To reset the administrator password enter

   sudo chntpw SAM

6. After completing this command you will see 5 different choices. Select the 1st one and press Enter and its done. 
7. Now restart your system, it will not ask any password.  

How To Sniff Passwords With Cain And Abel

Download Cain and Abel Here: Cain & Abel
Run Cain and Abel as administrator
Go to the tab that says sniffer
Go to the upper right corner under the Cain pciture and enable the sniffer
select your adapter (usually the one that has a listed Ip address)
Click of the blue Plus sign
Leave everything as is and press ok
Right click on each of ip addresses that come up
Resolve the host name for each one of them
Go to the bottom of the screen and hit the APR tab
Click on the top box
Click the blue plus sign
Hind the computer you want get passwords/information from in the left hand box
Highlight everything that comes up in the righthand box
Go to the upper right hand corner, by the sniffer and enable the APR poisener
To Find passwords, go to the bottem of the screen where it says passwords
Here you will find all usernames and passwords of the person you have poisened (Most of the passwords will be in HTTP)

If you didn't understand this look below:

TwitterPasswordDecryptor – Instantly Recover Twitter Account Passwords

TwitterPasswordDecryptor is the FREE tool to instantly recover Twitter account passwords stored by popular web browsers. Most web browsers store the login credentials for visited websites so that user don’t have to remember and enter the password every time. Each of these web browsers use their own proprietary encryption mechanism to store the login passwords including Twitter account passwords.TwitterPasswordDecryptor automatically crawls through each of these browsers and instantly recovers all of the stored Twitter passwords.
TwitterPasswordDecryptor presents both GUI interface as well as command line version, the later is more helpful for Penetration testers in their work. Apart from normal users who can use it to recover their lost password, it can come in handy for Forensic officials who can get hold of any stored Twitter account passwords and then use that Twitter profile information to further extend their investigation.

TwitterPasswordDecryptor is fully Portable tool which can be directly run anywhere without installing locally. It also comes with Installer for those who wants to install it locally and use it on regular basis. It works on wide range of platforms starting from Windows XP to latest operating system Windows 7.
Features
Currently supports recovering of the stored Twitter account password from following popular Internet browsers:

• Internet Explorer (all versions from 4 to 8)
• Firefox
• Google Chrome
• Opera Browser

You can download TwitterPasswordDecryptor here:
TwitterPasswordDecryptor.zip
Source:Darkside

Recover FireFox Passwords using FireFox Password Viewer

FirePasswordViewer is the GUI version of popular FirePassword tool to recover login passwords stored by Firefox. Like other browsers, Firefox also stores the login details such as username, password for every website visited by the user at the user consent. All these secret details are stored in Firefox sign-on database securely in an encrypted format. FirePasswordViewer can instantly decrypt and recover these secrets even if they are protected with master password.
Also FirePasswordViewer can be used to recover sign-on passwords from different profile (for other users on the same system) as well as from the different operating system (such as Linux, Mac etc). This greatly helps forensic investigators who can copy the Firefox profile data from the target system to different machine and recover the passwords offline without affecting the target environment.

Using FirePasswordViewer

FirePasswordViewer is the standalone application and it does not require any installation. You can just run it by double clicking on the executable file.

Here are the brief usage details.

• On running, FirePasswordViewer automatically populates the Firefox profile location if it is already installed. Otherwise you can enter the profile location manually.
• If you have set the master password for your Firefox, then you need to specify the same in the master password box.
• Once the profile location is specified, you can click on "Start Recovery" button and FirePasswordViewer will instantly recover all passwords from Firefox sign-on store.
• By default passwords are not shown for security reasons as it is sensitive data. However you can click on "Show Password" button to view these passwords.
• Finally you can save all recovered password list to HTML file by clicking on "Save as HTML" button.

You can also use FirePasswordViewer to recover passwords from different system either Windows or Linux. In that case you can copy Firefox profile data from remote system to local machine and then specify that path in the profile location field for recovering the passwords.

Screenshots of FirePasswordViewer



Screenshot 2: Showing the hidden passwords recovered by FirePasswordViewer on clicking "Show Password" button.






Download FireFox Password Viewer Here

Password Breakers 2010

Password Breakers 2010



Password Breakers 2010

1) PDF Password Remover
2) Windows XP Admin Password Remover
3) Zip File Password Cracker
4) SQL Password Remover
5) Microsoft Office Password Remover
6) Windows Vista Admin Password Recovery
7) Windows Password Recovery
8) RAR File Password Cracker
9) EXE File Password Recovery
10) Password Changer
11) Password Memory
12) Distributed Password Recovery

DOWNLOAD:

Code:

http://hotfile.com/dl/45089746/730b7ff/asswoCTols.rar.html

if you like my post please say thanks

Crunch – Password Cracking Wordlist Generator

Crunch is a wordlist generator where you can specify a standard character set or a character set you specify. crunch can generate all possible combinations and permutations.Of course John the Ripper (JTR) has some built in options for creating permutations from Wordlists.

Features

• Crunch generates wordlists in both combination and permutation ways
• It can breakup output by number of lines or file size
• Now has resume support
• Pattern now supports number and symbols
• Pattern now supports upper and lower case characters separately
• Adds a status report when generating multiple files

You can download Crunch here:

crunch2.6.tgz

Web Based Password Cracking Techniques

Passport authentication messages are passed in the form of electronic "tickets" that are used to inform the site that the user has signed in successfully. A ticket is a small amount of data that indicates the time the sign in occurred, when the user last manually signed in, and other information that is useful to the authentication process. Within the Passport system, these tickets take the form of cookies.

To obtain a ticket, a user with a Passport account signs in to the site or tries to access a protected Web page within the merchant site (e.g., a page that requires user authentication before allowing access). This redirects the user to a special page on Passport.com. This page takes information that the merchant site has appended to the URL and processes it. This allows the Passport service to know which merchant site has referred the user, and which merchant site to return the user to.
Once the information has been processed, Passport redirects the user to a page on Passport.net.

Once the user enters their credentials, they are sent back to the Passport.com domain. Once there and verified, Passport writes a cookie on the user's browser that stores information about this sign in. This is called a "ticket-granting-cookie" and it is used in subsequent sign in attempts. Then Passport redirects them back to your site.

When the user arrives back at the merchant site, they bring two encrypted packets of information attached to the query string. Software called the Passport Manager which is installed on the merchant's authenticating servers reads those packets and writes them as encrypted cookies in the merchant site domain.

The first cookie contains the authentication ticket information. The second contains any profile information that the user has chosen to share, and any operational information and unique identifiers that need to be passed. These packets are encrypted with a unique secret key that is shared between Passport and the merchant site. This helps to ensure that only the merchant can decode these messages.

The merchant site then takes this information and uses it to issue his cookies. Since these cookies are issued from the merchant domain, the merchant will have access to them. The merchant can use the Passport User ID to look a user up in the merchant database and perform authorization tasks.

When the user navigates to another Passport participating site, the new site has several choices to make about how they will authenticate this user. When the user clicks the sign in button, they are directed to the Passport service exactly as they were at their first sign in. The difference is that this time there is a ticket-granting-cookie saved on the browser that Passport can read.

Since the ticket contains the time that it was issued, it allows the referring site to decide how "fresh" the cookie needs to be in order for the site to accept it. If the ticket meets the rules the referring site has chosen, the user is redirected back to the referring site along with the encrypted ticket and profile cookies. If the ticket is too old, the user is prompted to re-enter their credentials.

Note

However, passport has been plagued with security issues - right from reuse of authentication cache to privacy flouting activities. Apart from this exploits that plague Microsoft based web systems such as Unicode exploits, cross site scripting and cookie stealing cast more than a shadow of doubt on this means of authentication.

A few links exploring these issues are given below:

• 
  
  
  
  http://alive.znep.com/~marcs/passport/
• 
  
  
  
  http://www.wired.com/news/technology/0,1282,48105,00.html
• 
  
  
  
  http://www.epic.org/privacy/consumer/microsoft/
• 
  
  
  
  http://avirubin.com/passport.html

Forms-Based Authentication

• 
  
  
  
  It is highly customizable authentication mechanism that uses a form composed of HTML with
  and tags delineating fields for users to input their username/password.
• 
  
  
  
  After the data input via HTTP or SSL, it is evaluated by some server-side logic and if the credentials are valid, then a cookie is given to the client to be reused on subsequent visits.
• 
  
  
  
  Forms based authentication technique is the popular authentication technique on the internet.

Conventionally, web applications had users authenticate themselves through a Web form. The user's credentials as captured by this form are submitted to the business logic which determines the authorization level. If the user is authenticated, the application generates a cookie or session variable. This cookie contains anything from a valid session identification access token to customized personalization values. The time period for which the cookie is valid or the contents stored in it are subject to security risks.

Forms Authentication is a system in which unauthenticated requests are redirected to a web form where the unauthenticated users are required to provide their credentials. In the context of ASP.NET, it extends similar logic into its architecture as an authentication facility, Forms Authentication. Forms Authentication is one of three authentication providers. Windows Authentication and Passport Authentication make up the other two providers.

Reverting back to the web based authentication method, on being properly verified by the application, based on the credentials input by the user, an authorization ticket is issued by the Web application in the form of a cookie. In essence, Forms Authentication is a means for wrapping the web application around the login user interface and verification processes.

Note

Forms Authentication Flow A client generates a request for a protected resource (e.g. a transaction details page). IIS (Internet Information Server) receives the request. If the requesting client is authenticated by IIS, the user/client is passed on to the web application. However, if Anonymous Access is enabled, the client will be passed onto the web application by default. Otherwise, Windows will prompt the user for credentials to access the server's resources. If the client doesn't contain a valid authentication ticket/cookie, the web application will redirect the user to the URL where the user is prompted to enter their credentials to gain access to the secure resource. On providing the required credentials, the user is authenticated / processed by the web application. The web application also determines the authorization level of the request, and, if the client is authorized to access the secure resource, an authentication ticket is finally distributed to the client. If authentication fails, the client is usually returned an Access Denied message.

Hacking Tool: WinSSLMiM

• 
  
  
  
  http://www.securiteinfo.com/outils/WinSSLMiM.shtml
• 
  
  
  
  WinSSLMiM is an HTTPS Man in the Middle attacking tool. It includes FakeCert, a tool to make fake certificates.
• 
  
  
  
  It can be used to exploit the Certificate Chain vulnerability in Internet Explorer. The tool works under Windows 9x/2000.
• 
  
  
  
  Usage:
  • 
    
    
    
    FakeCert: fc -h
  • 
    
    
    
    WinSSLMiM: wsm -h

We have seen how digital certificates are used for authentication purposes. Typically, the administrator of a web site opts to provide secure communication through the SSL. To enable this, the administrator generates a certificate and gets it signed by a Certification Authority. The generated certificate will list the URL of the secure web site in the Common Name (CN) field of the Distinguished Name section. The CA verifies that the administrator legitimately owns the URL in the CN field, signs the certificate, and gives it back.

[CERT - Issuer: VeriSign / Subject: VeriSign] -> [CERT - Issuer: VeriSign / Subject: www.website.com]

Note

When a web browser receives the certificate, it should verify that the CN field matches the domain it just connected to, and that it is signed by a known CA certificate. No man in the middle attack is possible because it should not be possible to substitute a certificate with a valid CN and a valid signature. However, it is possible that the signing authority has been delegated to more localized authorities. In this case, the administrator of www.website.com will get a chain of certificates from the localized authority:

Attack Methods

However, as far as IE is concerned, anyone with a valid CA-signed certificate for any domain can generate a valid CA-signed certificate for any other domain. If an attacker wants to, he can generate a valid certificate and request a signature from VeriSign: [CERT - Issuer: VeriSign / Subject: VeriSign] -> [CERT - Issuer: VeriSign / Subject: www.attacker.com]

Then he can generate a certificate for any domain he wants to, and sign it using his CA-signed certificate: [CERT - Issuer: VeriSign / Subject: VeriSign]

-> [CERT - Issuer: VeriSign / Subject: www.attacker.com] -> [CERT - Issuer: www.attacker.com / Subject: www.amazon.com]

Since IE does not check the Basic Constraints on the www.attacker.com certificate, it accepts this certificate chain as valid for www.amazon.com. This means that anyone with any CA-signed certificate (and the corresponding private key) can spoof anyone else. Any of the standard connection hijacking techniques can be combined with this vulnerability to produce a successful man in the middle attack.

Tools

WinSSLMiM is an HTTPS Man in the Middle attacking tool. It includes FakeCert, a tool to make fake certificates. It can be used to exploit the Certificate Chain vulnerability in Internet Explorer. The tool works under Windows 9x/2000.

Crack WIFI Network WEP Password With BackTrack

Crack WIFI Network WEP Password With BackTrack

Learn How to Hack WIFI WEP Password

Learn How to Crack WIFI WEP KEY

Hack WIFI Network WEP Password

Crack WIFI Network WEP Password With BackTrack

Learn How to Hack WIFI WEP Password

Learn How to Crack WIFI WEP KEY

Hack WIFI Network WEP Password

Cracking NT/2000 passwords

•SAM file in Windows NT/2000 contains the usernames and encrypted passwords. The SAM file is located at %systemroot%\system32\config directory [open this link using RUN] •The file is locked when the OS is running.
◦Booting to an alternate OS
■NTFSDOS (http://www.sysinternals.com/) will mount any NTFS partition as a logical drive.
◦Backup SAM from the Repair directory
■Whenever rdisk /s is run, a compressed copy of the SAM called SAM._ is created in %systemroot%\repair. Expand this file using c:\>expand sam._sam
◦Extract the hashes from the SAM
■Use LOphtcrack to hash the passwords.
This file is usually locked when the system is in use. However, once the system is not used by any system components, it is world readable by default. Attackers are particularly vigilant to detect any possible SAM.SAV files which could be readable, as these can be used for obtaining password info.
There are tools such as NTFSDOS that are capable of mounting any NTFS partition as a logical drive. NTFSDOS.EXE is a read-only network file system driver for DOS/Windows that is able to recognize and mount NTFS drives for transparent access. It makes NTFS drives appear indistinguishable from standard FAT drives, providing the ability to navigate, view and execute programs on them from DOS or from Windows.


Not all is lost if the system is in use and the SAM file is locked. If a system administrator has casually forgotten to rename the administrator account or change the initial password, the attacker might be in luck because during the installation of NT/2000 a copy of the password database is put in \\WINNT\REPAIR.


What happens if the system administrator has updated their repair disk? The attacker can then look for a copy of the repair disks and extract the password database from the SAM._ file in the ERD directory. He can then use a couple of different utilities for dumping the password hashes out, like pwdump or even run Lophtcrack (which has pwdump code built in) to extract the passwords. SAMDUMP.EXE can be used to extract the user information out of it.

Automatic Password Cracking Algorithm

•Find a valid user


•Find encryption algorithm used


•Obtain encrypted passwords


•Create list of possible passwords


•Encrypt each word


•See if there is a match for each user ID


•Repeat steps 1 through 6


However, the vulnerability does not arise from the hashing process but from the storage. Most systems do not "decrypt" the stored password during authentication, but store the one-way hash. During the login process, the password entered is run through the algorithm generating a one-way hash and compared to the hash stored on the system. If they are the same, it is assumed the proper password was supplied. Therefore all that an attacker has to do in order to crack a password is to get a copy of the one-way hash stored on the server, and then use the algorithm to generate his own hash until he gets a match. Most systems - Microsoft, UNIX, and Netware have publicly announced their hashing algorithm.


Attackers can use a combination of attack methods to reduce the time involved in cracking a password. This is where automated password crackers come into action. There are freeware password crackers available on the Internet for NT, Netware, and UNIX. Not to be forgotten that there are password lists that can be fed to these crackers to carry out a dictionary attack.

Password Types

Passwords can be categorized into various types based on their composition. Let us take a look at these types to enhance our understanding of password cracking.
•Passwords that contain only letters: As rightly inferred, these contain just alphabets and are the easiest to crack. Example: "secret"

•Passwords that contain only numbers: These passwords consist purely of numerals. Example: "12354"
•Passwords that contain only special characters: These passwords consist of only special characters. They are easy to crack in accordance with their decreasing length. Example: "*%$%@"
•Passwords that contain letters and numbers: These passwords were the first step towards secure passwords. They are relatively harder to crack than passwords with just letters or numerals. Examples: "a3rf5"
•Passwords that contain only letters and special characters and passwords that contain only special characters and numbers are quite similar to the preceding one. Examples: "df%g$i", "39*&4"
•Passwords that contain letters, special characters and numbers are considered to be the most secure as the combination can be difficult to crack. Given an appropriate length, they can be considered to be safe and if encrypted well, safe on the network as well. Example: "a#d5y8%"


************************************************************************


NOTE: Well friends, this is nowhere documented that, the most secure password contains [SPACES]. Using spaces in your password, it will become the strongest. Using spaces, you can easily bypass trojans & keylogers(almost 100%). I recommend to use 3-4 spaces as prefix of your password. For e.g. suppose you password is : "iamsweet123" without quote


Instead of this password, use "iamsweet123 ". Now what is the difference. Have a closer look. In the later one you will see that its excetely "iamsweet123[space][space][space]"

Top 10 Password Crackers

1. Cain and Abel : The top password recovery tool for Windows

UNIX users often smugly assert that the best free security tools support their platform first, and Windows ports are often an afterthought. They are usually right, but Cain & Abel is a glaring exception. This Windows-only password recovery tool handles an enormous variety of tasks. It can recover passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols

2. John the Ripper : A powerful, flexible, and fast multi-platform password hash cracker

John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types which are most commonly found on various Unix flavors, as well as Kerberos AFS and Windows NT/2000/XP LM hashes

3. THC Hydra : A Fast network authentication cracker which support many different services

When you need to brute force crack a remote authentication service, Hydra is often the tool of choice. It can perform rapid dictionary attacks against more then 30 protocols, including telnet, ftp, http, https, smb, several databases, and much more

4. Aircrack : The fastest available WEP/WPA cracking tool

Aircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking. It can recover a 40 through 512-bit WEP key once enough encrypted packets have been gathered. It can also attack WPA 1 or 2 networks using advanced cryptographic methods or by brute force. The suite includes airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), and airdecap (decrypts WEP/WPA capture files)

5. L0phtcrack : Windows password auditing and recovery application

L0phtCrack, also known as LC5, attempts to crack Windows passwords from hashes which it can obtain (given proper access) from stand-alone Windows NT/2000 workstations, networked servers, primary domain controllers, or Active Directory. In some cases it can sniff the hashes off the wire. It also has numerous methods of generating password guesses (dictionary, brute force, etc). LC5 was discontinued by Symantec in 2006, but you can still find the LC5 installer floating around. The free trial only lasts 15 days, and Symantec won't sell you a key, so you'll either have to cease using it or find a key generator. Since it is no longer maintained, you are probably better off trying Cain and Abel, John the Ripper, or Ophcrack instead.

6. Airsnort : 802.11 WEP Encryption Cracking Tool

AirSnort is a wireless LAN (WLAN) tool that recovers encryption keys. It was developed by the Shmoo Group and operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered. You may also be interested in the similar Aircrack.

7. SolarWinds : A plethora of network discovery/monitoring/attack tools

SolarWinds has created and sells dozens of special-purpose tools targeted at systems administrators. Security-related tools include many network discovery scanners, an SNMP brute-force cracker, router password decryption, a TCP connection reset program, one of the fastest and easiest router config download/upload applications available and more.

8. Pwdump : A window password recovery tool

Pwdump is able to extract NTLM and LanMan hashes from a Windows target, regardless of whether Syskey is enabled. It is also capable of displaying password histories if they are available. It outputs the data in L0phtcrack-compatible form, and can write to an output file.

9. RainbowCrack : An Innovative Password Hash Cracker

The RainbowCrack tool is a hash cracker that makes use of a large-scale time-memory trade-off. A traditional brute force cracker tries all possible plaintexts one by one, which can be time consuming for complex passwords. RainbowCrack uses a time-memory trade-off to do all the cracking-time computation in advance and store the results in so-called "rainbow tables". It does take a long time to precompute the tables but RainbowCrack can be hundreds of times faster than a brute force cracker once the precomputation is finished.

10 Brutus : A network brute-force authentication cracker

This Windows-only cracker bangs against network services of remote systems trying to guess passwords by using a dictionary and permutations thereof. It supports HTTP, POP3, FTP, SMB, TELNET, IMAP, NTP, and more. No source code is available. UNIX users should take a look at THC Hydra.

Manual Password Cracking Algorithm

•Find a valid user
•Create a list of possible passwords
•Rank the passwords from high probability to low
•Key in each password
•If the system allows you in - Success
•Else try till success
In its simplest form, password cracking can be automated using a simple FOR loop. In the example below, an attacker creates a simple text file with usernames and passwords that are iterated using the FOR loop.
A text file is created to serve as a dictionary from which the main FOR loop will draw usernames and passwords as it iterates through each line:

[file: credentials.txt] administrator ""
administrator password
administrator administrator
[Etc.]
 From a directory that can access the text file the following command is typed:

c:\>FOR /F "tokens=1,2*" %i in (credentials.txt)^
More? do net use \\victim.com\IPC$ %j /u:victim.com\%i^ More? 2 >> nul^
 More? && echo %time% %date% >> outfile.txt^
 More? && echo \\victim.com acct: %i pass: %j >> outfile.txt
c:\>type outfile.txt
If there has been a successfully guessed username and password from credentials.txt, outfile.txt will exist and contain the correct user name and password. The attacker's system will also have an open session with the victim server.