Security Basics mailing list archives
Re: Auditing Active Directory Passwords
From: "Nikhil Wagholikar" <visitnikhil () gmail com>
Date: Thu, 7 Feb 2008 08:05:23 +0300
Hello K7, You can give a try to FGDUMP tool. Fgdump is a utility for dumping password hashes from Windows NT/2000/XP/2003/Vista machines. It has all the functionality of pwdump in-built and can also perform other useful jobs like grabbing cached credentials, executing a remote executable and dumping the protected storage on a remote, (or local), host. Once you dumped all the password hashes into a file, you can then import it to offline password crackers like Cain and Abel or L0phtcrack and start your attack against those hashes. ---- Nikhil Wagholikar Information Security Analyst NII Consulting Web: http://www.niiconsulting.com Security Products: http://www.niiconsulting.com/products.html On 6 Feb 2008 22:22:32 -0000, <k7.fantr () gmail com> wrote:
I am looking for advice for auditing the password strength of passwords in Active Directory. I have used l0phtcrack and other such tools in the past against local accounts (SAM and System files) but I do not know what to use for Active Directory. I do not want to brute force and lock out everyone's accounts, so I would prefer an off-line audit. I have domain admin credentials. I am trying to build a case to turn on complexity requirements by showing the fact that people do not voluntarily follow the password policy (big shock to us, but not to the executive management). Any tools that would work in this capacity would be greatly appreciated, especially open source or low cost ones.
Current thread:
- Auditing Active Directory Passwords k7 . fantr (Feb 06)
- RE: Auditing Active Directory Passwords Jesse Rink (Feb 06)
- RE: Auditing Active Directory Passwords Uzair Hashmi (Feb 07)
- Re: Auditing Active Directory Passwords Nikhil Wagholikar (Feb 07)
- Disabling split tunnelling on an ssl vpn Secure This (Feb 07)
- Re: Disabling split tunnelling on an ssl vpn Ronald van der Westen (Feb 08)
- Re: Disabling split tunnelling on an ssl vpn Secure This (Feb 08)
- Re: Disabling split tunnelling on an ssl vpn Ronald van der Westen (Feb 08)
- Scanning ssl vpn traffic Secure This (Feb 07)
- RE: Scanning ssl vpn traffic Cassiem, Nazier A (Feb 08)
- <Possible follow-ups>
- Re: RE: Auditing Active Directory Passwords wyse101 (Feb 07)
- Re: Auditing Active Directory Passwords maash . rajani (Feb 07)
- Re: Auditing Active Directory Passwords Uzair Hashmi (Feb 08)
- Re: Auditing Active Directory Passwords li bo (Feb 11)
- RE: Auditing Active Directory Passwords Jesse Rink (Feb 06)