Skip to content

Gilks/mmcbrute

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Description

Perform an SMB bruteforce. This script was inspired by mmcexec.py in the impacket library. The idea is to use the error codes that return after an attempted connection to determine if credentials are valid. The target must be a domain joined windows host.

By default, the script will not show failed login attempts. To view failed login attempts you must specify the verbose option, -v. The script is also designed to quit if an account lockout is detected. If this is not desired you must specify honey badger mode, -b. You are also able to tell mmcbrute that you want to try user as pass by specifying -U. See the help menu for a full list of options (-h).

A progress bar will update in real time to let you know how the attack is progressing. There's nothing more frustrating than a bruteforcer that doesn't provide any feedback as it's running.

Output

honey badger mode

Requirements

The impacket library is required in order to run this script.

pip3 install impacket

If that fails, you can get the library from here.

https://github.com/CoreSecurity/impacket

Example Usage:

targets.txt = Unique hosts separated by new lines

users.txt = Unique usernames separated by new lines

pass.txt = Unique passwords separated by new lines

./mmcbrute.py -t targets.txt -d DOMAIN -u users.txt -p pass.txt

Releases

No releases published

Packages

No packages published

Languages