Author: Wiseman (wiseman@spray.se)
Filename: w2kdad.pl
Current Version: 0.94beta
Created: 10th of December 2002
Last Changed: 17th of March 2003
-------------------------------------------------------------------------
 Description:
------------------------------------------------------------------------
 W2kdad.pl or "Windows 2000 Dictionary Attacker Against Active Directory"
 for long, lets you enumerate users and check passwords in a
 native W2k AD.

 There's an option to use SNMP to gather user data, as well as a DoS option
 that may or may not (depending on the lockout settings in the domain!)
 lock out selected users. Very useful! <evil grin>
 You should check the lockout setting with the tool "enum" from
 http://razor.bindview.com before you decide whether a DoS will work or not.

 Caution!: Depending on the lockout settings, normal operation of this
 script *may* lock out accounts. You have been officially warned now, so
 don't blame me if this happens to you. Check my disclaimer btw!
 It is *not* my fault - ever! :o)
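
 Seen from the domain side, the behaviour described above shows up as one
 source failing binds against many accounts, followed by a run of lockouts.
 The following is an added detection example, not part of w2kdad.pl or the
 author's code; the record layout, field names and thresholds are
 assumptions, and the sample log is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample records, not real domain-controller output.
# Assumed layout: <ISO time> <source IP> <account> <BIND_OK|BIND_FAIL|LOCKOUT>
SAMPLE_LOG = """\
2003-03-17T10:00:01 192.0.2.66 alice BIND_FAIL
2003-03-17T10:00:02 192.0.2.66 bob BIND_FAIL
2003-03-17T10:00:03 192.0.2.66 carol BIND_FAIL
2003-03-17T10:00:04 192.0.2.66 dave BIND_FAIL
2003-03-17T10:00:09 192.0.2.66 alice LOCKOUT
2003-03-17T10:00:10 192.0.2.66 bob LOCKOUT
2003-03-17T10:00:11 192.0.2.66 carol LOCKOUT
2003-03-17T10:05:00 192.0.2.10 erin BIND_FAIL
2003-03-17T10:05:20 192.0.2.10 erin BIND_OK
"""

def parse(log):
    """Turn log text into sorted (time, source, account, result) tuples; skip bad lines."""
    events = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            when = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        events.append((when, parts[1], parts[2], parts[3]))
    return sorted(events)

def detect(events, window=timedelta(minutes=5), min_accounts=4, min_lockouts=3):
    """Per source, flag many distinct accounts failing or locking out inside one window."""
    by_source = defaultdict(list)
    for ev in events:
        by_source[ev[1]].append(ev)
    findings = {}
    for source, evs in by_source.items():
        flags = set()
        for i in range(len(evs)):
            # Window opens at event i and covers everything up to `window` later.
            in_window = [e for e in evs[i:] if e[0] - evs[i][0] <= window]
            failed = {e[2] for e in in_window if e[3] == "BIND_FAIL"}
            locked = {e[2] for e in in_window if e[3] == "LOCKOUT"}
            if len(failed) >= min_accounts:
                flags.add("many-accounts-failed")
            if len(locked) >= min_lockouts:
                flags.add("lockout-burst")
        if flags:
            findings[source] = sorted(flags)
    return findings
```

 The thresholds should sit below the domain's lockout threshold and window,
 so the alert fires before accounts start locking.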

 ------------------------------------------------------------------------
 Change History
 ------------------------------------------------------------------------
 0.94beta:
 First bugs found...tried to bind as $username instead of $base_dn.
 Code still not cleaned properly and there are some quirks left to fix.
 Some commented-out code still lingers.
 This will be gone by version 1.0...promise!
 *LoL*

 The -dos mode works quite well, seemed to lock out Administrator too...
 Shouldn't work actually and I didn't really dare to verify this by
 logging out and logging in again as Administrator...

 I didn't really want to lock myself out...
 If you feel like verifying this, be my guest. Don't blame me if it screws up
 though...


 0.93beta:
 Added Denial of Service switch "-dos", output switch "-o" and cleaned
 up the code a little. There is still commented-out code to be cleaned up
 later! There are probably also some bugs waiting to be found,
 but I'll deal with them later too, bro...


 0.92beta:
 Messed around with several Perl SNMP modules for an entire afternoon to get
 SNMP functionality to work, but in the end I just thought "What the h*ck"
 and used Microsoft's own tool "snmputil" instead. It's simple and it works,
 so I'm happy now...


 0.91beta:
 Got the actual enumeration and password part to work. There are issues
 not corrected yet and this is still beta. I found out that failed LDAP
 authentications *do* trigger lock-outs, making this an excellent DoS tool
 too! <evil grin>

 There is still commented-out stuff in the code for testing purposes.
 This will be removed when going to version 1.0, whenever that
 happens...live with it for the moment.

 0.9beta:
 The Getopt::std module really screwed things up. I wanted a change
 from my older Perl scripts that used Getopt::Long, to use a neater
 approach, but no! The ::std module did not work as it was documented; it
 didn't, for instance, assign a "1" to all options that had no argument,
 so they became unassigned instead, resulting in some nasty error
 messages. (But the program still worked as intended. Go figure...)
 So back again to ::Long. Oh well....

 0.5beta:
 First version with no LDAP functionality

 ------------------------------------------------------------------------
 Known Issues
 ------------------------------------------------------------------------
 1: There is a strange thing going on with the default Domain Admin account
 Administrator: When I use Microsoft's own LDP.exe I am able to bind as
 Administrator and everything seems OK, but when I try this with
 the script it does not work. Heaven knows why. The script works on other
 user accounts OK, but Administrator...nope....Hopefully I'll fix this
 in version 1.0...Stay tuned...

 2: The check for a blank password fails for some reason. Will try to
 fix this in 1.0.

 ------------------------------------------------------------------------
 Credits
 ------------------------------------------------------------------------
 Credit goes to Johnny at http://johnny.ihackstuff.com
 (johnny@ihackstuff.com) for giving me the original idea and
 a .c-code listing for a similar utility to build upon.
 I merely rewrote it in Perl with a twist. I added SNMP support and
 an option to "DoS" the AD users. Oh well...

 ------------------------------------------------------------------------
 Dependencies
 ------------------------------------------------------------------------
 For W2kdad.pl to work you need the following Perl modules:
  LDAP:
  search.cpan.org/author/GBARR/perl-ldap-0.26/
  search.cpan.org/author/GBARR/Convert-ASN1-0.16/
  SNMP:
  Microsoft's "snmputil" from NT Resource Kit
  "snmputil" is not included in this release, so you have to get it yourself.
  If you don't have the NTRK, try
  http://www.petri.co.il/download_free_reskit_tools.htm

 ------------------------------------------------------------------------
 The Usual Disclaimer:
 ------------------------------------------------------------------------
 This script is written AS-IS and will not be supported.
 Wiseman is not responsible for the script's misuse and is not responsible
 for any damage resulting from running this script.
 It is *not* my fault, so stop complaining.
 ------------------------------------------------------------------------
