Speaking of which, is there any way to remove lanman hashes from user objects without changing the password? I think I know the answer, but I hope I'm wrong...
-----Original Message----- From: Kurt Buff [mailto:[email protected]] Sent: Monday, March 25, 2013 9:57 AM To: NT System Admin Issues Subject: How easy is it to crack passwords? Ridiculously easy, unless the password is quite long... http://arstechnica.com/security/2013/03/how-i-became-a-password-cracker/ By Nate Anderson Ars Technica Mar 24 2013 At the beginning of a sunny Monday morning earlier this month, I had never cracked a password. By the end of the day, I had cracked 8,000. Even though I knew password cracking was easy, I didn't know it was ridiculously easy—well, ridiculously easy once I overcame the urge to bash my laptop with a sledgehammer and finally figured out what I was doing. My journey into the Dark-ish Side began during a chat with our security editor, Dan Goodin, who remarked in an offhand fashion that cracking passwords was approaching entry-level "script kiddie stuff." This got me thinking, because—though I understand password cracking conceptually—I can't hack my way out of the proverbial paper bag. I'm the very definition of a "script kiddie," someone who needs the simplified and automated tools created by others to mount attacks that he couldn't manage if left to his own devices. Sure, in a moment of poor decision-making in college, I once logged into port 25 of our school's unguarded e-mail server and faked a prank message to another student—but that was the extent of my black hat activities. If cracking passwords were truly a script kiddie activity, I was perfectly placed to test that assertion. It sounded like an interesting challenge. Could I, using only free tools and the resources of the Internet, successfully: Find a set of passwords to crack Find a password cracker Find a set of high-quality wordlists and Get them all running on commodity laptop hardware in order to Successfully crack at least one password In less than a day of work? [...] ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
