What is acccheck?
acccheck. An information gathering tool from Kali Linux.
acccheck is a tool written by Faiz which connects to hosts and tries to identify a legitimate username and password combination using a username and password list or dictionary file.
What do I need to use it?
In order to use acccheck, you need to:
- Have your Kali instance in the same network as your victim machine (the machine which you are going to use acccheck on).
- Have the IP address of the victim.
- Have a username and/or password list in hand.
How do I use it?
It’s pretty straightforward. Just open Terminal, type acccheck and input the required information. Here is a sample below:
acccheck -t <place the target IP here> -P <place the password file here if you will use a password file>
You can customize your command by referring to the screenshot above in this post. Remember that if you are going to use other options (except for -v), you need to provide information beside them. So if you are going to use “-U”, you will need to provide a file location after it:
acccheck -U ~/Desktop/listofusernames.txt …..
What did you do?
In my lab, I tested acccheck on a Windows Server 2003 machine. I put the password file on the desktop so that it would be easier for me to find and refer to it.
After connecting my Kali virtual instance to the same network as the Windows Server 2003 instance, I searched for a password list, put it on the Desktop (~/Desktop/) and changed the working directory of Terminal to ~/Desktop. After doing that prep work, I ran the tool by using the command:
acccheck -t 192.168.0.1 -P ./fasttrack.txt -u Administrator -v
- 192.168.0.1 – this is the IP address of the target. It is required by -t.
- ./fasttrack.txt – the location of the password file relative to the current working directory of the terminal. It is required by -P.
- Administrator – the target username. It is required by -u.
- -v does not require anything.
What is the result?
It successfully found out the password of my Windows Server 2003 machine!
What can an attacker do with this?
This is a test in a controlled environment with me using a commonly known password “Password1!”. In a real-world scenario, an attacker who gets hold of network credentials can use them to further attack other network hosts. If an attacker gets hold of the administrator password, it is game over for that specific machine. Even worse, the business could go south, especially if the victim machine is a Domain Controller.
Why? Because domain controllers are the administrators of a domain, and an attacker with domain controller rights can control almost all the networked computers / servers in the domain, edit user details, get confidential information, and destroy the infrastructure.
Always have your default / weak credentials checked. A small mishap like this can take an attacker a very long way. Also remember to use a password at least 14 characters long, with a mixture of letters, numbers, symbols, and capitalization.
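One way to act on that advice, as an added example that is not part of the original post: this Python check applies the 14-character and character-mix rules and also rejects passwords that appear on, or are built from, a wordlist entry. The deny list, the function names and every sample password other than “Password1!” are constructed for illustration.

```python
import re
import string

MIN_LENGTH = 14  # the minimum length the post recommends

# Constructed sample deny list; in practice, load the same kind of wordlist
# an attacker would use (one candidate per line).
SAMPLE_DENY_LIST = ["password", "Password1!", "admin", "letmein", "welcome"]


def base_word(password):
    """Lower-case and strip trailing digits/symbols: 'Password1!' -> 'password'."""
    return re.sub(r"[\d\W_]+$", "", password.lower())


def audit_password(password, deny_list=SAMPLE_DENY_LIST):
    """Return a list of reasons the password is weak (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    classes = {
        "lowercase letter": string.ascii_lowercase,
        "uppercase letter": string.ascii_uppercase,
        "number": string.digits,
        "symbol": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append("no " + name)
    # Compare both the exact entry and its stripped base word, so a listed
    # word with digits or symbols appended is still caught.
    denied = {w.lower() for w in deny_list} | {base_word(w) for w in deny_list}
    denied.discard("")  # an all-digit entry must not match every numeric password
    if password.lower() in denied or base_word(password) in denied:
        problems.append("on or derived from the deny list")
    return problems


if __name__ == "__main__":
    for candidate in ["Password1!", "Password2024!!!", "vK7#qd!Tz29w$Lmb"]:
        print(candidate, "->", audit_password(candidate) or "ok")
```

“Password2024!!!” meets the length and mixture rules yet still fails, because it is only a wordlist entry with digits and symbols appended.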
Stay safe everyone!