Security Basics mailing list archives

RE: Auditing Active Directory Passwords


From: "Uzair Hashmi" <uzair () kse com pk>
Date: Thu, 7 Feb 2008 10:07:27 +0500

Hi,

Use pwdump remotely with admin credentials (for BDC or PDC), it will give
you a SAM dump with all users and machines. This dump contains LMHASHES and
NTLMHASHES, use l0phtcrack or John etc. to crack them offline.

Best Regards,
Uzair


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of k7.fantr () gmail com
Sent: Wednesday, February 06, 2008 4:23 PM
To: security-basics () securityfocus com
Subject: Auditing Active Directory Passwords

I am looking for advice for auditing the password strength of passwords in
Active Directory. I have used l0phtcrack and other such tools in the past
against local accounts (SAM and System files) but I do not know what to use
for Active Directory. 


I do not want to brute force and lock out everyone's accounts, so I would
prefer an off-line audit. 


I have domain admin credentials. 


I am trying to build a case to turn on complexity requirements by showing
the fact that people do not voluntarily follow the password policy (big
shock to us, but not to the executive management).


Any tools that would work in this capacity would be greatly appreciated,
especially open source or low cost ones. 
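The thread suggests dumping the domain's LM/NT hashes with domain admin credentials and auditing them offline. The script below is an added example, not code from either poster or from pwdump, l0phtcrack or John: it takes a dump in the classic pwdump line format (`user:RID:LMhash:NThash:::`), which is an assumption about the tool's output, and produces the policy findings the original poster wanted to show management: accounts that still have an LM hash stored, accounts with an empty password, groups of accounts sharing one password, and accounts whose NT hash matches a short deny-list of words. The MD4 routine is a pure-Python implementation (NT hashes are unsalted MD4 over UTF-16LE) so the script runs where hashlib lacks MD4; the dump text and the deny-list are constructed for the example.

```python
"""Offline triage of a pwdump-style hash dump for a password-policy audit.

Constructed example: the dump text and the weak-word list below are made up
for illustration; the MD4 routine is a pure-Python implementation so the
script runs even where hashlib has no 'md4' (OpenSSL 3 default builds).
"""
import struct
from collections import defaultdict

# Well-known sentinel values seen in LM/NT dumps
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"   # "no LM hash stored" marker
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"   # NT hash of the empty password

_MASK = 0xFFFFFFFF


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & _MASK


def _f(x, y, z): return (x & y) | (~x & z)
def _g(x, y, z): return (x & y) | (x & z) | (y & z)
def _h(x, y, z): return x ^ y ^ z


def _round(v, func, order, shifts, k, X):
    """One MD4 round over state v=[a,b,c,d]; the register roles rotate each step."""
    for i, idx in enumerate(order):
        a, b, c, d = (-i) % 4, (1 - i) % 4, (2 - i) % 4, (3 - i) % 4
        v[a] = _rotl((v[a] + func(v[b], v[c], v[d]) + X[idx] + k) & _MASK, shifts[i % 4])


def md4(data: bytes) -> bytes:
    """MD4 digest per RFC 1320 (little-endian words, 64-byte blocks)."""
    A, B, C, D = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    msg = bytearray(data) + b"\x80"
    while len(msg) % 64 != 56:
        msg += b"\x00"
    msg += struct.pack("<Q", (len(data) * 8) & 0xFFFFFFFFFFFFFFFF)
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        v = [A, B, C, D]
        _round(v, _f, range(16), (3, 7, 11, 19), 0x00000000, X)
        _round(v, _g, (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15),
               (3, 5, 9, 13), 0x5A827999, X)
        _round(v, _h, (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15),
               (3, 9, 11, 15), 0x6ED9EBA1, X)
        A, B, C, D = [(s + t) & _MASK for s, t in zip((A, B, C, D), v)]
    return struct.pack("<4I", A, B, C, D)


def nt_hash(password: str) -> str:
    """NT hash = MD4 over the UTF-16LE encoding of the password (no salt)."""
    return md4(password.encode("utf-16-le")).hex()


def parse_pwdump(text: str):
    """Parse 'user:RID:LMhash:NThash:::' lines into records; blank lines are ignored."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split(":")
        if len(parts) < 4:
            raise ValueError(f"malformed pwdump line: {line!r}")
        records.append({"user": parts[0], "rid": int(parts[1]),
                        "lm": parts[2].lower(), "nt": parts[3].lower()})
    return records


def audit(records, weak_words):
    """Policy findings: LM storage enabled, blank passwords, password reuse, deny-list hits."""
    weak_table = {nt_hash(w): w for w in weak_words}   # hash the list once; NT is unsalted
    by_nt = defaultdict(list)
    findings = {"lm_stored": [], "empty_password": [], "weak": {}, "shared": {}}
    for r in records:
        if r["lm"] != EMPTY_LM:
            findings["lm_stored"].append(r["user"])      # LM hashes should not be stored at all
        if r["nt"] == EMPTY_NT:
            findings["empty_password"].append(r["user"])
        if r["nt"] in weak_table:
            findings["weak"][r["user"]] = weak_table[r["nt"]]
        by_nt[r["nt"]].append(r["user"])
    findings["shared"] = {h: u for h, u in by_nt.items() if len(u) > 1 and h != EMPTY_NT}
    return findings


# Constructed sample dump. 8846f7... is the NT hash of "password"; e52cac... is its LM hash.
SAMPLE_DUMP = f"""
Administrator:500:{EMPTY_LM}:8846f7eaee8fb117ad06bdd830b7586c:::
jsmith:1104:e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c:::
svc_backup:1105:{EMPTY_LM}:{EMPTY_NT}:::
mjones:1106:{EMPTY_LM}:{nt_hash("Xq7!vR2#pL9z-constructed")}:::
"""
WEAK_WORDS = ["password", "Password1", "Welcome1", "Summer2008"]  # constructed deny-list

if __name__ == "__main__":
    for key, value in audit(parse_pwdump(SAMPLE_DUMP), WEAK_WORDS).items():
        print(f"{key}: {value}")
```

The findings are what a policy report needs: `lm_stored` shows where the weak LM format is still being kept, `empty_password` and `shared` need no cracking at all, and `weak` is a deterministic check against a fixed list rather than a brute-force run, so no account is ever locked out.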


