See my previous post about how to enable password complexity. pwdump3 and L0phtCrack can be used to dump and crack AD passwords: http://www.atstake.com/research/lc/download.html
Article on W2K password cracking using L0phtCrack and pwdump2 (a bit dated): http://www.ntsecurity.net/Articles/Index.cfm?ArticleID=9186 Perl script that attempts dictionary passwords against AD users: http://www.securiteam.com/tools/5HP0E209FG.html You need to provide a dictionary file for it to work against. Regards, Robbie Allen http://www.rallenhome.com/ -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 05, 2003 11:00 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Password Lookup Where can I find the scripts and where can you set the password complexity? Thanks Ryan McDonald Systems Administrator The Bankers Bank "Thommes, Michael M." <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 08/05/2003 10:39 AM Please respond to ActiveDir To: <[EMAIL PROTECTED]> cc: Subject: RE: [ActiveDir] Password Lookup Hi Robbie, I'm not aware that Windows 2000 password complexity switch prevents the use of dictionary words. That certainly has not been the case here. Please let me know if there is some "special" switch to prevent dictionary words and what dictionary it uses. Thanks! Mike Thommes Argonne National Laboratory -----Original Message----- From: Robbie Allen [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 05, 2003 9:27 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Password Lookup I don't believe MS does, but there are a few scripts/tools on the net that can be used to do it. Have you enabled password complexity, which prevents the use of dictionary passwords? Do you have account lockout enabled? It is much harder (i.e. time consuming) to perform dictionary attacks against AD if account lockout is turned on. Robbie Allen http://www.rallenhome.com/ -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 05, 2003 10:15 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Password Lookup Does anyone know if Microsoft provides provisions for doing dictionary lookups on passwords? Thanks! Ryan McDonald Systems Administrator The Bankers Bank List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
