Re: Auditing Active Directory Passwords

["li bo" <libo.swust () gmail com>]

HI,
As I know, ophcrack is pretty good for crack the SAM dump that is
gotten by PWDUMP.

Bo

On 08/02/2008, Uzair Hashmi <uzair () kse com pk> wrote:
> Yes, cracking SAM on windows is all you need for your particular task.
>
> ntds.dit Consists of schema table, Link table, and Data table.
>
> If you need to know the details associated to individual users, like rights,
> access levels etc. you need to access the data table only. That can be done
> remotely by LDAPAdmin, or some alternate tool.
>
> Say for a particular user; the Data Table in the ntds.dit has an entry known
> as SAMAccountName which represents that individual username stored in the
> SAM.
>
> Active Directory is not an authentication system, rather consider it as a
> simple Directory which has references to resources placed in certain objects
> of "windows" system.
>
> Hope this clears all the confusions.
>
> Best Regards,
> Uzair
>
> ________________________________
>
> From: steve.dake () gmail com [mailto:steve.dake () gmail com] On Behalf Of
> k7.fantr
> Sent: Thursday, February 07, 2008 11:56 PM
> To: uzair () kse com pk
> Cc: security-basics () securityfocus com
> Subject: Re: Auditing Active Directory Passwords
>
>
> These are some great responses. For some reason I was thinking that Windows
> 2003 Active Directory did not use a SAM file for all of the domain accounts.
> I was thinking it was only for local accounts. If this is only a matter of
> cracking the SAM file like on a workstation, then I guess that will work
> just fine.
>
> So are you guys saying that cracking the SAM file on a Windows2003 Active
> Directory box will give up all of the accounts on the network?
> what about the ntds.dit file - not required?
>
> Thanks.
>
>
> On Feb 6, 2008 11:07 PM, Uzair Hashmi <uzair () kse com pk> wrote:
>
>
>         Hi,
>
>         Use pwdump remotely with admin credincials (for BDC or PDC), it will
> give
>         you SAM dump with all users and machines. This dump contains
> LMHASHES and
>         NTLMHASHES, use l0phtcrack or John etc. to crack them offline.
>
>         Best Regards,
>         Uzair
>
>
>
>         -----Original Message-----
>         From: listbounce () securityfocus com
> [mailto:listbounce () securityfocus com] On
>         Behalf Of k7.fantr () gmail com
>         Sent: Wednesday, February 06, 2008 4:23 PM
>         To: security-basics () securityfocus com
>         Subject: Auditing Active Directory Passwords
>
>         I am looking for advice for auditing the password strength of
> passwords in
>         Active Directory. I have used l0phtcrack and other such tools in the
> past
>         against local accounts (SAM and System files) but I do not know what
> to use
>         for Active Directory.
>
>
>         I do not want to brute force and lock out everyone's accounts, so I
> would
>         prefer an off-line audit.
>
>
>         I have domain admin credentials.
>
>
>         I am trying to build a case to turn on complexity requirements by
> showing
>         the fact that people do not voluntarily follow the password policy
> (big
>         shock to us, but not to the executive management).
>
>
>         Any tools that would work in this capacity would be greatly
> appreciated,
>         especially open source or low cost ones.
>
> --
>
> steve.dake


-- 
No pains,no gains.