Metasploit mailing list archives

Re: Password Audit

From: Rob Fuller <mubix () room362 com>
Date: Tue, 7 Dec 2010 11:24:50 -0500

This really should be one of those few times to go outside of
Metasploit. The SMBLogin module, depending on how many passwords you
try and the threshold you set it may lock out the users.

Depending on what passwords you are trying to audit, dump the hashes
and crack them offline. Let John rip through all the dictionaries that
are stored on SkullSecurity [1], and then let John rip in just brute
force mode for about 24 hours. The result of both of those should get
you to an awesome baseline.

[1] http://www.skullsecurity.org/wiki/index.php/Passwords

--
Rob Fuller | Mubix
Certified Checkbox Unchecker
Room362.com | Hak5.org



On Tue, Dec 7, 2010 at 9:14 AM, Peter Fraser <petros.fraser () gmail com> wrote:

Hi All
I want to do a password audit on my network to make sure users are
using fairly complex passwords. Is there a way I can do that in
Metasploit? I wasn't able to find the info I needed so far so even a
link to where I can find the info would be much appreciated.

Thanks.
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

Current thread:

Password Audit Peter Fraser (Dec 07)
- Re: Password Audit Tod Beardsley (Dec 07)
  - Re: Password Audit Peter Fraser (Dec 07)
- Re: Password Audit Rob Fuller (Dec 07)
  - Re: Password Audit Chao Mu (Dec 07)
- Re: Password Audit chris serafin (Dec 07)
  - Re: Password Audit Rob Fuller (Dec 07)
    - Re: Password Audit David Young (Dec 07)
  - Re: Password Audit Chao Mu (Dec 07)
- Re: Password Audit Kim Guldberg (Dec 09)