RidEnum 介绍

Rid Enum是一个Rid循环攻击,试图通过空会话和SID枚举来列举出用户帐户。如果您指定一个密码列表,它会自动试图暴力破解已经列举出的用户帐户。

RidEnum 主页
RidEnum 源代码库

ridenum – 循环攻击RID空会话

root@kali:~# ridenum

.______       __   _______         _______ .__   __.  __    __  .___  ___.
|   _  \     |  | |       \       |   ____||  \ |  | |  |  |  | |   \/   |
|  |_)  |    |  | |  .--.  |      |  |__   |   \|  | |  |  |  | |  \  /  |
|      /     |  | |  |  |  |      |   __|  |  . `  | |  |  |  | |  |\/|  |
|  |\  \----.|  | |  '--'  |      |  |____ |  |\   | |  `--'  | |  |  |  |
| _| `._____||__| |_______/  _____|_______||__| \__|  \______/  |__|  |__|
                            |______|

Written by: David Kennedy (ReL1K)
Company: https://www.trustedsec.com
Twitter: @TrustedSec
Twitter: @Dave_ReL1K

Rid Enum is a RID cycling attack that attempts to enumerate user accounts through
null sessions and the SID to RID enum. If you specify a password file, it will
automatically attempt to brute force the user accounts when its finished enumerating.

- RID_ENUM is open source and uses all standard python libraries minus python-pexpect. -

You can also specify an already dumped username file, it needs to be in the DOMAINNAME\USERNAME format.

Example:
./rid_enum.py 192.168.1.50 500 50000 /root/dict.txt

Usage:
./rid_enum.py <server_ip> <start_rid> <end_rid> <optional_password_file> <optional_username_filename>

ridenum 用法示例

连接到远程服务器 (192.168.1.236)and 循环RID从500 to 50000 (500 50000), 指定密码文件 (/tmp/passes.txt):

root@kali:~# ridenum 192.168.1.236 500 50000 /tmp/passes.txt
[*] Attempting lsaquery first...This will enumerate the base domain SID
[*] Successfully enumerated base domain SID.. Moving on to extract via RID
[*] Enumerating user accounts.. This could take a little while.