Security Basics mailing list archives
RE: Auditing Active Directory Passwords
From: "Uzair Hashmi" <uzair () kse com pk>
Date: Thu, 7 Feb 2008 10:07:27 +0500
Hi, Use pwdump remotely with admin credincials (for BDC or PDC), it will give you SAM dump with all users and machines. This dump contains LMHASHES and NTLMHASHES, use l0phtcrack or John etc. to crack them offline. Best Regards, Uzair -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of k7.fantr () gmail com Sent: Wednesday, February 06, 2008 4:23 PM To: security-basics () securityfocus com Subject: Auditing Active Directory Passwords I am looking for advice for auditing the password strength of passwords in Active Directory. I have used l0phtcrack and other such tools in the past against local accounts (SAM and System files) but I do not know what to use for Active Directory. I do not want to brute force and lock out everyone's accounts, so I would prefer an off-line audit. I have domain admin credentials. I am trying to build a case to turn on complexity requirements by showing the fact that people do not voluntarily follow the password policy (big shock to us, but not to the executive management). Any tools that would work in this capacity would be greatly appreciated, especially open source or low cost ones.
Current thread:
- Auditing Active Directory Passwords k7 . fantr (Feb 06)
- RE: Auditing Active Directory Passwords Jesse Rink (Feb 06)
- RE: Auditing Active Directory Passwords Uzair Hashmi (Feb 07)
- Re: Auditing Active Directory Passwords Nikhil Wagholikar (Feb 07)
- Disabling split tunnelling on an ssl vpn Secure This (Feb 07)
- Re: Disabling split tunnelling on an ssl vpn Ronald van der Westen (Feb 08)
- Re: Disabling split tunnelling on an ssl vpn Secure This (Feb 08)
- Re: Disabling split tunnelling on an ssl vpn Ronald van der Westen (Feb 08)
- Scanning ssl vpn traffic Secure This (Feb 07)
- RE: Scanning ssl vpn traffic Cassiem, Nazier A (Feb 08)
- <Possible follow-ups>
- Re: RE: Auditing Active Directory Passwords wyse101 (Feb 07)
- Re: Auditing Active Directory Passwords maash . rajani (Feb 07)
- Re: Auditing Active Directory Passwords Uzair Hashmi (Feb 08)
- Re: Auditing Active Directory Passwords li bo (Feb 11)
- RE: Auditing Active Directory Passwords Jesse Rink (Feb 06)