Penetration Testing mailing list archives
Re: Password Audit tools
From: Peter Wood <peterw () firstbase co uk>
Date: Tue, 14 Dec 2004 10:20:20 +0000
For Windows boxes, we use L0phtcrack v4 (LC4) which works very well. We haven't upgraded to v5 because of the price. We also use the freeware LMcrack which is excellent (although the download has disappeared right now). http://www.rainbowcrack.com/ is another good resource. We use pwdump3 or pwdump4 to overcome syskey.
Our experiences with ISS have not been very positive to be honest, and the Internet Scanner does not really compete with real password crackers in any way IMHO.
cheers Pete At 19:10 13/12/2004 -0600, Jeffrey M.Miller CISSP wrote:
I've used Internet Security Scanner from ISS and really like it's ability to pull users from NT domains and test common passwords, such as username=password, password=password, etc.I've considered purchasing the consultant version of l0phtcrack LC5.Has anyone used LC5 and can anyone compare it to ISS? Also are there any OpenSource tools that can do these sorts of checks?Thanks J_
-------------------------------------------------------------------------------------------------------------------------------- Peter Wood FBCS CITP MIMIS MIEEE Chief of Operations First Base Technologies +44 (0)1273 454525 www.fbtechies.co.uk www.white-hats.co.uk
Current thread:
- Password Audit tools Jeffrey M . Miller CISSP (Dec 13)
- Re: Password Audit tools Dan Connelly (Dec 14)
- Re: Password Audit tools Jeffrey M . Miller CISSP (Dec 14)
- Re: Password Audit tools Peter Wood (Dec 14)
- Re: Password Audit tools Christian Martorella (Dec 14)
- Re: Password Audit tools Maximiliano Bertacchini (Dec 14)
- <Possible follow-ups>
- Re: Password Audit tools H Carvey (Dec 14)
- Re: Password Audit tools miguel . dilaj (Dec 14)
- RE: Password Audit tools Todd Towles (Dec 14)
- RE: Password Audit tools Jarmon, Don R (Dec 14)
- RE: Password Audit tools John Forristel (SunGard-Chico) (Dec 14)
- Re: Password Audit tools GuidoZ (Dec 20)
- RE: Password Audit tools Altheide, Cory B. (IARC) (Dec 15)
- RE: Password Audit tools Paris E. Stone (Dec 15)
(Thread continues...)
- Re: Password Audit tools Dan Connelly (Dec 14)