Re: Password Audit tools

[Jeffrey M.Miller CISSP <jmiller () acumeninfosec com>]

Thanks everyone for your responses...

I guess I've been missing large parts of nessus's abilities!

I've installed 2.2.2a and Hydra... now I just need to figure out how to 
get them to work together.

Has anyone looked at the new nessus book available on Amazon?  Just 
wondering if it would be helpful.

J_

On Dec 14, 2004, at 6:25 AM, Dan Connelly wrote:

> Internet Scanner does a good job of enumerating accounts on a Windows
> Domain(using netbios and null sessions) but if you tried to brute
> force/dictionary every account that it found the scan would take a
> VERY long time to complete.  If you are trying to pw crack through a
> service (ftp,telnet,http...), use hydra otherwise use LC or John the
> Ripper.
> BTW, Nessus also does a good job enumerating accounts, and its free ;)
> Dan
>
>
>
>
> On Mon, 13 Dec 2004 19:10:29 -0600, Jeffrey M. Miller CISSP
> <jmiller () acumeninfosec com> wrote:
> > I've used Internet Security Scanner from ISS and really like it's
> > ability to pull users from NT domains and test common passwords, such
> > as username=password, password=password, etc.
> >
> > I've considered purchasing the consultant version of l0phtcrack LC5.
> >
> > Has anyone used LC5 and can anyone compare it to ISS?  Also are there
> > any OpenSource tools that can do these sorts of checks?
> >
> > Thanks
> >
> > J_