olle.nxs.se

Blog * Software * Twitter * Email

Projects:

• visimport
• usb-device-fuzzing

Archived stuff:

• john-ntlm
• huggorm
• slingerbult
• netu
• tratt
• skravel
• remote-x
• winmap
• nload
• ypf

skravel

Enumerates NT accounts by RID

skravel is a proof-of-concept tool written by Olle Segerdahl <olle@nxs.se>. It was written to demonstrate/exploit the problem of not being able to restrict "null sessions" on Windows NT 4.0.

Features:

• Enumerates NT4 accounts regardless of "RestrictAnonymous" setting
• Enumerates accounts on Win2k DC through a NT4 domain member
• Resolves domain and user names to fully qualified SID on remote machine

FAQ:

---

Q: skravel just prints "Could not contact system", what's wrong?
A: skravel needs to be able to speak RPC with lsass on the remote machine. This requires an IPC$ connection, ie. 'net use \\machine /u:"" ""'

---

Download:

• skravel version 0.96 Windows NT WIN32 binary
• skravel version 0.96 C source code

© 2002 by Olle Segerdahl <olle@nxs.se>