SMB Brute force using acccheck

SMB is used for Network file sharing in windows. By default and for security reason windows allow network sharing with Password enabled which is your system password. You can brute force those credentials with help of acccheck and gain access to victim system easily. In this tutorial I will explain how to brute force a system with acccheck and gain access.

acccheck is one of the best SMB brute force attack tools. It is pre-installed in KALI Linux and can get easily installed in other Linux Distro. Use of this tools is pretty easy. This tool doesn’t have may options to choose while attacking, like proxy and etc.  Option this tool contain are:

-t [single host IP address]
OR
-T [file containing target ip address(es)]

Optional:
-p [single password]
-P [file containing passwords]
-u [single user]
-U [file containing usernames]
-v [verbose mode]

accheck-help_aakarperiwal-com

Explanation of options:

-t or -T

This option defines the target. If you have only one target you can use -t as below

acccheck -t 192.168.56.102 <other options>

In above example we used “192.168.56.102” as our target. In case if you want to attack on multiple targets then you can create a file with IP address and provide that file (one target per line)

acccheck -T targets.txt <other options>

-p or -P

This is optional field. This option is used to give Password/s. If you do not use this field then tool will use blank password. If you want to try only single password then use -p like:-

acccheck -t 192.168.56.102 -p password <other options>

in case if you have dictionary then you should use -P

acccheck -t 192.168.56.102 -P dictionary.txt <other options>

-u or -U

This is optional field. This is used to give Username filed. if you do not use this filed then tool will use username as “Administrator”. if you want to specify a user then try -u

acccheck -t 192.168.56.102 -p password -u Admin

In case if you have dictionary of Usernames then use -U

acccheck -t 192.168.56.102 -p password -U usernames.txt

-v

Like most of the tools -v is used for verbose output. if you use -v then tool will show you every username and password it will try on target machine.

accheck-output_aakarperiwal-com

Download Dictionary

To download dictionary for brute force click here

I have uploaded a video also for this attack visit:-

Add a Comment