Network Share Brute Forcer v3.1
-------------------------------

Coded by: m0nngis / dfg.
Web: http://www.dfg-crew.com
Mail: mongo@dfg-crew.com

Free. As in beer. (Yum!)

This program will try and gain access to shared folders on your
network using one of the following two methods:

a) Brute force attack
b) Dictionary attack

If you choose to use the brute force attack, you will have to
specify a list of characters.  Depending on what system you
want access to, and what prior information you have about the login
information, this could be just a couple of characters to every
single one you can type on your keyboard.  Here's something to get you
started:

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789`=\[];',./~!"@#?$%^&*()_{}:-+|

If the share you want access to is running Windows 9x/ME, you can
remove all the uppercase characters, as Win9x is case-INsensitive.

The brute force method will take the characters you supply and
try all different combinations that are possible.  This is more
or less bound to work if you have all the time in the world
and you have specified all characters. :)

You can also use the dictionary attack.  For this to work you will need
to download (or create) a file with one word per line.  Check the bottom
of this file for some links to dictionary files.

Now, under the field "name of resource" you must enter the UNC path
that you want access to.  If the name of the computer is FADASS
and the folder's called MOVIES, then enter "\\fadass\movies"
there. (sans quotes.)

If you want the shared folder to pop up under My Computer as a drive,
type the drive letter under "mapped drive"... i.e.: "H:" (indeed, sans quotes).

Depending on what OS the computer you're cracking is running, the username
may or may not be important.  Windows 9x/ME use something called
"share level password", which mean that you don't have usernames.  As
long as you supply the correct password, you have access.  Under
Windows NT/2000/XP and Linux running Samba this is different.
They use something called "user level sharing", where you need to have
a user on the computer, and this of course means that you have to
know which username to get the password to. (Regarding Samba,
I don't know if it's possible to run that under "share level",
but the one I have is at least "user level"...  Oh. And it will
_probably_ not work on NT-bases OSes that are logged onto a domain,
they will need to be running in "workgroup mode". (I think. Haven't tried.)

The "starting point" field is nothing to worry about, really.  If you've been
brute forcing for a couple of days and you need a reboot, just hit "Abort",
and it will save the session, so that next time you start the program you can
continue where you left of.

Have fun!


Resources:
----------

Password dictionary files: http://www.outpost9.com/files/WordLists.html