In case anyone isn't aware... LC5 got bought and dumped by Symantec and
is no longer sold. But as Joe says... it still works.
Replacements are Elcomsoft and, as always, Cain and Abel.
joe wrote:
L0phtCrack should still work fine assuming you have dumped the hashes
with I think it is pwdump2 or maybe it was pwdump3.
You don't even truly need it though. Just set some accounts with the
passwords you really don't like, then dump those hashes and then do
the hash comparisons yourself. While you are there, make sure that the
admin ID hashes aren't the same as their normal ID hashes or even that
multiple admin/service IDs don't have the same hashes which could
indicate some sort of sharing. You could also look at Rainbow crack
tables.
Keep in mind that pwdump does things that MS wouldn't normally
consider GOOD to get those hashes and the risk, however slight, is
that you could harm something while doing it. Another thing to keep in
mind with that program is the last time I looked at its source, it
jammed all of the info into the registry and then pulled it out into a
file afterward; that could have an impact on larger domains. There were
several reasons MS moved away from the registry as the domain SAM
store; scalability was one of them.
joe
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
------------------------------------------------------------------------
*From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] *On Behalf Of* Rimmerman, Russ
*Sent:* Monday, March 20, 2006 4:38 PM
*To:* [email protected]
*Subject:* [ActiveDir] Weak AD passwords
Can anyone recommend any tools to find which of our users have weak AD
passwords? We used to use L0phtcrack back in the day, but it doesn't
appear to be supported any longer? Other than enforcing complex
passwords (which we do) and 8 character minimum, we'd like to figure
out who uses things like "Password1" or something silly like that.
Thanks in advance
--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
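
The hash comparison joe describes above (accounts planted with the passwords you don't like, then checks for matching and shared hashes), as an added example that is not part of the original thread. It assumes the pwdump `user:RID:LMhash:NThash:::` line layout; the account names, RIDs and hash values are constructed, and `audit`, `CANARIES` and `PRIVILEGED` are hypothetical names.

```python
from collections import defaultdict

# Constructed sample rows: (user, RID, two hex chars repeated to fill the NT hash).
# These are made-up hex strings, not real password hashes.
_ROWS = [("canary_password1", 1201, "a1"), ("jsmith", 1105, "a1"),
         ("jsmith-adm", 1106, "b2"), ("jdoe", 1107, "c3"),
         ("jdoe-adm", 1108, "c3"), ("svc_backup", 1109, "d4"),
         ("svc_sql", 1110, "d4"), ("mlee", 1111, "e5")]
SAMPLE_DUMP = "\n".join(f"{u}:{r}:{'0' * 32}:{h * 16}:::" for u, r, h in _ROWS)

# Assumption: you created the canary account yourself with a password you
# want to ban, and you maintain the list of admin/service IDs.
CANARIES = {"canary_password1"}
PRIVILEGED = {"jsmith-adm", "jdoe-adm", "svc_backup", "svc_sql"}


def parse_pwdump(text):
    """Return {username: nt_hash}; rows without a 32-char NT hash are skipped."""
    accounts = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 4 or len(fields[3]) != 32:
            continue
        accounts[fields[0].lower()] = fields[3].lower()
    return accounts


def audit(text, canaries, privileged):
    """Flag users whose hash equals a canary's, and hash groups shared by a privileged ID."""
    accounts = parse_pwdump(text)
    canaries = {c.lower() for c in canaries}
    privileged = {p.lower() for p in privileged}
    by_hash = defaultdict(set)
    for user, nt in accounts.items():
        by_hash[nt].add(user)
    # Same hash as a canary means the user has the canary's (known bad) password.
    weak = sorted((user, canary)
                  for canary in canaries if canary in accounts
                  for user in by_hash[accounts[canary]] - canaries)
    # Any group of 2+ real accounts containing an admin/service ID suggests
    # an admin reusing a normal-ID password or IDs sharing one password.
    shared = sorted(sorted(users - canaries) for users in by_hash.values()
                    if len(users - canaries) > 1 and users & privileged)
    return {"weak": weak, "shared_privileged": shared}


if __name__ == "__main__":
    print(audit(SAMPLE_DUMP, CANARIES, PRIVILEGED))
```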