rid enum: null session RID cycle attack for brute forcing domain controllers

RID ENUM – A simple open source method for performing null session brute forces

.______       __   _______         _______ .__   __.  __    __  .___  ___.

|   _  \     |  | |       \       |   ____||  \ |  | |  |  |  | |   \/   |

|  |_)  |    |  | |  .--.  |      |  |__   |   \|  | |  |  |  | |  \  /  |

|      /     |  | |  |  |  |      |   __|  |  . `  | |  |  |  | |  |\/|  |

|  |\  \----.|  | |  '--'  |      |  |____ |  |\   | |  `--'  | |  |  |  |

| _| `._____||__| |_______/  _____|_______||__| \__|  \______/  |__|  |__|

                            |______|



Written by: David Kennedy (ReL1K)

Company: https://www.trustedsec.com

Twitter: @TrustedSec

Twitter: @HackingDave

Rid Enum is a RID cycling attack that attempts to enumerate user accounts through null sessions and the SID to RID enum. If you specify a password file, it will automatically attempt to brute force the user accounts when it’s finished enumerating.

– RIDENUM is open source and uses all standard python libraries minus python-pexpect.

– You can also specify an already dumped username file, it needs to be in the DOMAINNAME\USERNAME
format.

Download

git clone https://github.com/trustedsec/ridenum.git

Usage

./ridenum.py <server_ip> <start_rid> <end_rid> <optional_username> <optional_password> <optional_password_file> <optional_username_filename>

Copyright 2018 TrustedSec

• Written by: David Kennedy (ReL1K)
• Twitter: @HackingDave and @TrustedSec
• Website: https://www.trustedsec.com

Source: https://github.com/trustedsec/