Re: Password Audit tools

[Peter Wood <peterw () firstbase co uk>]

For Windows boxes, we use L0phtcrack v4 (LC4) which works very well. We 
haven't upgraded to v5 because of the price. We also use the freeware 
LMcrack which is excellent (although the download has disappeared right 
now). http://www.rainbowcrack.com/ is another good resource. We use pwdump3 
or pwdump4 to overcome syskey.

Our experiences with ISS have not been very positive to be honest, and the 
Internet Scanner does not really compete with real password crackers in any 
way IMHO.

cheers
Pete

At 19:10 13/12/2004 -0600, Jeffrey M.Miller CISSP wrote:
> I've used Internet Security Scanner from ISS and really like it's ability 
> to pull users from NT domains and test common passwords, such as 
> username=password, password=password, etc.
>
> I've considered purchasing the consultant version of l0phtcrack LC5.
>
> Has anyone used LC5 and can anyone compare it to ISS?  Also are there any 
> OpenSource tools that can do these sorts of checks?
>
> Thanks
>
> J_

--------------------------------------------------------------------------------------------------------------------------------
Peter Wood FBCS CITP MIMIS MIEEE
Chief of Operations
First Base Technologies
+44 (0)1273 454525
www.fbtechies.co.uk
www.white-hats.co.uk