From: Sardaņons, Eliel [Eliel.Sardanons@PHILIPS.EDU.AR] Sent: Tuesday, February 06, 2001 8:11 AM To: VULN-DEV@SECURITYFOCUS.COM Subject: Windows 2000 remote brute force <> With this utility I have made, we are able to brute force the Windows 2000 Advance Server Administrator password, very fast... Just trying the passwords using the LDAP service... You must change all the variables in the program, I couldn't have time to make a parser... I have tryed it in the same LAN and is fast... I have said the Administrator passwords, but if the other Users aren't disabled with a number of trys then you can brute force all the other users.... And I have found a problem in the w2k LDAP service, it sends to you different errors if you request an object that doesn't exist or an object that exist, just you must login as a 'guest' user and try some users names and know if a user exist or not.. and then brute force the password of that user :)