Polenum
Polenum extracts password policy information from remote Windows systems over SMB. It allows Linux users to query Windows password policies without needing a Windows machine.
Description
Polenum is a Python script that retrieves password policy details from Windows machines, including minimum password length, password history, complexity flags, lockout settings, and more. It authenticates using provided credentials and connects via SMB protocols on ports 139 or 445.
Use cases include penetration testing and security assessments where understanding the target system's password policy helps plan attacks like password spraying or brute-forcing. It supports non-Windows operating systems like Linux, Mac OS X, and BSD, making it accessible for cross-platform reconnaissance.
The tool relies on the Impacket library and can parse policies from both domain and builtin contexts, providing flags for password complexity, lockout thresholds, and account durations.
How It Works
Polenum uses the Impacket library to establish SMB connections (protocols 139/SMB or 445/SMB) with a Windows target using supplied credentials. It authenticates as the specified user, enumerates domains (e.g., WIN7-X86, Builtin), and queries password policy attributes like minimum length, age, complexity flags (bitmask 000000), lockout counters, and durations. Results are parsed and displayed in a structured format without requiring local Windows access.
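An added example, not part of Polenum or the original page: a defender-side check that decodes the complexity bitmask and lockout duration described above and compares them with a baseline. The bit names follow the MS-SAMR PasswordProperties field; the dictionary keys, baseline thresholds and sample values are assumptions constructed for illustration, not Polenum's output format.

```python
# SAMR PasswordProperties bits (MS-SAMR); thresholds and SAMPLE are constructed assumptions.
PASSWORD_PROPERTIES = {
    0x01: "DOMAIN_PASSWORD_COMPLEX",
    0x02: "DOMAIN_PASSWORD_NO_ANON_CHANGE",
    0x04: "DOMAIN_PASSWORD_NO_CLEAR_CHANGE",
    0x08: "DOMAIN_LOCKOUT_ADMINS",
    0x10: "DOMAIN_PASSWORD_STORE_CLEARTEXT",
    0x20: "DOMAIN_REFUSE_PASSWORD_CHANGE",
}
NEVER = -0x8000000000000000  # SAMR sentinel for "not set"


def decode_flags(mask):
    """Return the names of the bits set in a PasswordProperties mask."""
    return [name for bit, name in PASSWORD_PROPERTIES.items() if mask & bit]


def interval_to_minutes(raw):
    """SAMR durations are negative counts of 100 ns ticks; None = no finite value."""
    if raw in (0, NEVER):
        return None
    return abs(raw) // 10_000_000 // 60


def audit(policy, min_length=14, max_threshold=10, min_lockout_minutes=15):
    """Compare a decoded policy with a baseline and return a list of findings."""
    findings = []
    flags = decode_flags(policy["password_properties"])
    if policy["min_password_length"] < min_length:
        findings.append(f"minimum length {policy['min_password_length']} < {min_length}")
    if "DOMAIN_PASSWORD_COMPLEX" not in flags:
        findings.append("complexity not enforced")
    if "DOMAIN_PASSWORD_STORE_CLEARTEXT" in flags:
        findings.append("reversible (cleartext) password storage enabled")
    threshold = policy["lockout_threshold"]
    if threshold == 0 or threshold > max_threshold:
        findings.append(f"lockout threshold {threshold} is unset or above {max_threshold}")
    else:
        minutes = interval_to_minutes(policy["lockout_duration"])
        if minutes is not None and minutes < min_lockout_minutes:
            findings.append(f"lockout duration {minutes} min < {min_lockout_minutes}")
    return findings

# Constructed sample: cleartext storage bit set, length 7, lockout disabled.
SAMPLE = {"password_properties": 0x10, "min_password_length": 7,
          "lockout_threshold": 0, "lockout_duration": -18_000_000_000}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```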
Installation
sudo apt install polenum
Flags
Examples
polenum victim:s3cr3t@192.168.1.200 '445/SMB'
polenum -h
polenum --username victim --password s3cr3t 192.168.1.200 '445/SMB'
polenum victim:s3cr3t@192.168.1.200 '139/SMB'
polenum -u victim -p s3cr3t -d WORKGROUP 192.168.1.200
polenum --protocols '139/SMB 445/SMB' victim:s3cr3t@192.168.1.200
polenum -d 192.168.1.200 --username victim --password s3cr3t