IMG0068a

Spork

Spork is a Windows Networking brute-force and information gathering tool. Designed to allow a penetration test team to more easily browse and attack specific systems in large networks, Spork uses null sessions and unprivileged logins to download account lockout and password policies. Spork can then be set to automatically avoid lockout policies and download password hashes from compromised systems.

First released somewhere around 1996, Spork was originally designed to provide a more friendly interface to exploit null sessions in Windows NT 3.51 and Windows NT 4.0 systems. Techniques used at the time relied on creating one-way trust relationships with target systems and then browsing file security tabs to discover user names and group memberships. Since then Spork has evolved to include multi-threaded password attacks, long term brute force procedures, and password hash manipulation. Try it for yourself.

Download: Spork 2.0 has not yet been released, look for it soon.

Spork 1.1 binaries - spork.1.1.zip ( md5sum 5eb7d3d55f8a5dcb71e0bbc3897b9b40 )

Spork 1.1 source code - spork.1.1.src.zip.( md5sum 97fba793015608e672a4583f4fe6103c )

spork11

Spork 1.0 BETA

WARNING! Spork 1.0beta has a bug which causes it to miscalculate lockout policies when trying to avoid them during a brute force login attack. This WILL cause account to be locked out on systems that have lockouts enabled. A new version will be uploaded soon.

Spork 0.9b In case you don't like 1.0.

spork10

Copyright 2012