Acccheck

The tool is designed as a password dictionary attack tool that targets windows authentication via the SMB protocol. It is really a wrapper script around the ‘smbclient’ binary, and as a result is dependent on it for its execution.

The simplest way to run the tool is as follows:

./acccheck.pl -t 10.10.10.1

This mode of execution attempts to connect to the target ADMIN$ share with the username ‘Administrator’ and a [BLANK] for the password.

./acccheck.pl -t 10.10.10.1 -u test -p test

This mode of execution attempts to connect to the target IPC$ share with the username ‘test’ and a password ‘test’.
Each -t, -u and -p flags can be substituted by -T, -U and -P, where each represents an input file rather than a single input from standard in.

./acccheck.pl -T iplist -U userfile -P passwordfile

Only use -v mode on very small dictionaries, otherwise, this has the affect of slowing the scan down to the rate the system writes to standard out. Any username/password combinations found are written to a file called ‘cracked’ in the working directory.

 Scan the IP addresses contained in smb-ips.txt (-T) and use verbose output (-v):

Ref: https://labs.portcullis.co.uk/tools/acccheck/
Ref: http://tools.kali.org/information-gathering/acccheck