Rid_enum is a null session RID cycle attack for brute forcing domain controllers.
Switch branches/tags
Nothing to show
Clone or download
David Kennedy
David Kennedy update copyright date
Latest commit 490855c Feb 13, 2018
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore Clean up syntax a little bit and remove try except flow control Apr 30, 2013
CHANGELOG.txt fix ridenum enumdomusers Nov 13, 2017
LICENSE.txt update license Jan 1, 2017
README.md update copyright date Feb 12, 2018
ridenum.py minor cleanup Nov 13, 2017

README.md

RID_ENUM - A simple open source method for performing null session brute forces

Copyright 2018 TrustedSec

.______       __   _______         _______ .__   __.  __    __  .___  ___.
|   _  \     |  | |       \       |   ____||  \ |  | |  |  |  | |   \/   |
|  |_)  |    |  | |  .--.  |      |  |__   |   \|  | |  |  |  | |  \  /  |
|      /     |  | |  |  |  |      |   __|  |  . `  | |  |  |  | |  |\/|  |
|  |\  \----.|  | |  '--'  |      |  |____ |  |\   | |  `--'  | |  |  |  |
| _| `._____||__| |_______/  _____|_______||__| \__|  \______/  |__|  |__|
                            |______|

Written by: David Kennedy (ReL1K)
Company: https://www.trustedsec.com
Twitter: @TrustedSec
Twitter: @HackingDave

Rid Enum is a RID cycling attack that attempts to enumerate user accounts through
null sessions and the SID to RID enum. If you specify a password file, it will
automatically attempt to brute force the user accounts when its finished enumerating.

- RIDENUM is open source and uses all standard python libraries minus python-pexpect. -

You can also specify an already dumped username file, it needs to be in the DOMAINNAME\USERNAME
format.

Example: ./ridenum.py 192.168.1.50 500 50000 /root/dict.txt /root/user.txt

Usage: ./ridenum.py <server_ip> <start_rid> <end_rid> <optional_username> <optional_password> <optional_password_file> <optional_username_filename>