Metasploit mailing list archives
Re: Password Audit
From: Rob Fuller <mubix () room362 com>
Date: Tue, 7 Dec 2010 11:24:50 -0500
This really should be one of those few times to go outside of Metasploit. The SMBLogin module, depending on how many passwords you try and the threshold you set it may lock out the users. Depending on what passwords you are trying to audit, dump the hashes and crack them offline. Let John rip through all the dictionaries that are stored on SkullSecurity [1], and then let John rip in just brute force mode for about 24 hours. The result of both of those should get you to an awesome baseline. [1] http://www.skullsecurity.org/wiki/index.php/Passwords -- Rob Fuller | Mubix Certified Checkbox Unchecker Room362.com | Hak5.org On Tue, Dec 7, 2010 at 9:14 AM, Peter Fraser <petros.fraser () gmail com> wrote:
Hi All I want to do a password audit on my network to make sure users are using fairly complex passwords. Is there a way I can do that in Metasploit? I wasn't able to find the info I needed so far so even a link to where I can find the info would be much appreciated. Thanks. _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- Password Audit Peter Fraser (Dec 07)
- Re: Password Audit Tod Beardsley (Dec 07)
- Re: Password Audit Peter Fraser (Dec 07)
- Re: Password Audit Rob Fuller (Dec 07)
- Re: Password Audit Chao Mu (Dec 07)
- Re: Password Audit chris serafin (Dec 07)
- Re: Password Audit Rob Fuller (Dec 07)
- Re: Password Audit David Young (Dec 07)
- Re: Password Audit Chao Mu (Dec 07)
- Re: Password Audit Rob Fuller (Dec 07)
- Re: Password Audit Kim Guldberg (Dec 09)
- Re: Password Audit Tod Beardsley (Dec 07)