polenum 介绍

polenum是一个python脚本,使用Impacket库,从windows机器使用核心安全技术提取密码策略信息。这允许非windows(Linux、Mac OSX BSD等)用户查询远程windows箱子的密码策略,不需要直接访问windows机器。

工具来源: https://labs.portcullis.co.uk/tools/polenum/
工具主页
Kali polenum Repo 仓库

polenum - 从windows机器提取密码策略信息

root@kali:~# polenum

  polenum 0.2 - (C) 2008 deanx

        RID[at]Portcullis-Security.com

  Usage:/usr/bin/polenum [username[:password]@]<address> [protocol list...]

        Available protocols: ['445/SMB', '139/SMB']

polenum 用法示例

得到系统的密码策略,用所提供的用户名和密码登录(victim:s3cr3t@192.168.1.200)使用SMB端口445('445/SMB'):

root@kali:~# polenum victim:s3cr3t@192.168.1.200 '445/SMB'

[+] Attaching to 192.168.1.200 using victim:s3cr3t

    [+] Trying protocol 445/SMB...

[+] Found domain(s):

    [+] WIN7-X86
    [+] Builtin

[+] Password Info for Domain: WIN7-X86

    [+] Minimum password length: None
    [+] Password history length: None
    [+] Maximum password age: Not Set
    [+] Password Complexity Flags: 000000

    [+] Domain Refuse Password Change: 0
    [+] Domain Password Store Cleartext: 0
    [+] Domain Password Lockout Admins: 0
    [+] Domain Password No Clear Change: 0
    [+] Domain Password No Anon Change: 0
    [+] Domain Password Complex: 0

    [+] Minimum password age: None
    [+] Reset Account Lockout Counter: 30 minutes
    [+] Locked Account Duration: 30 minutes
    [+] Account Lockout Threshold: None
    [+] Forced Log off Time: Not Set