Security Basics mailing list archives
Re: Using brute force to test Sendmail passwords.
From: Stefan Marx <marx.s () gmx net>
Date: 06 Sep 2003 08:34:08 +0200
Hi, you can use crack or john (John the Ripper) to check the password file. They will brute force the hashes give back the used passwords, although they take their time. An alternative way is to use pam (Pluggable Authentication Modules) and the module pam_cracklib. This can be configured to check the password against any given policy, when it is entered initially or changed. Can be a hassle even against sysadmins, when configured too paranoid ;-) Regards, Stefan
i'm implementing a password security policy for all mail users on a sendmail server (redhat 7.3), and i need to know if all users DID follow the insructions (min lenght = 5, not only A-Z chars, etc). My question is: is there a way to pick the passwords file to make some brute force test, automatically? (any tool?) (any other way to test them?)
--------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ----------------------------------------------------------------------------
Current thread:
- Using brute force to test Sendmail passwords. Rolando Ruiz C. (Sep 05)
- Re: Using brute force to test Sendmail passwords. Jonathan Bowman (Sep 08)
- Re: Using brute force to test Sendmail passwords. David (Sep 08)
- Re: Using brute force to test Sendmail passwords. Stefan Marx (Sep 08)