Security Basics mailing list archives

Re: Auditing Active Directory Passwords


From: "Nikhil Wagholikar" <visitnikhil () gmail com>
Date: Thu, 7 Feb 2008 08:05:23 +0300

Hello K7,

You can give the FGDUMP tool a try.

Fgdump is a utility for dumping password hashes from Windows
NT/2000/XP/2003/Vista machines. It has all the functionality of
pwdump built in and can also perform other useful jobs like grabbing
cached credentials, executing a remote executable and dumping the
protected storage on a remote (or local) host.

Once you have dumped all the password hashes into a file, you can then
import it into offline password crackers like Cain and Abel or
L0phtcrack and start your attack against those hashes.

----
Nikhil Wagholikar
Information Security Analyst
NII Consulting
Web: http://www.niiconsulting.com
Security Products: http://www.niiconsulting.com/products.html



On 6 Feb 2008 22:22:32 -0000, <k7.fantr () gmail com> wrote:
I am looking for advice for auditing the password strength of passwords in Active Directory. I have used l0phtcrack and other such tools in the past against local accounts (SAM and System files) but I do not know what to use for Active Directory.

I do not want to brute force and lock out everyone's accounts, so I would prefer an off-line audit.

I have domain admin credentials.

I am trying to build a case to turn on complexity requirements by showing the fact that people do not voluntarily follow the password policy (big shock to us, but not to the executive management).

Any tools that would work in this capacity would be greatly appreciated, especially open source or low cost ones.