RE: Password Audit tools

["Todd Towles" <toddtowles () brookshires com>]

LC5 has pre-hased passwords, I hear. It searches the pre-hashed
table...therefore cracking common or simple password that much faster. I
havent' seen it work tho...I have only seen and used LC4. 

> -----Original Message-----
> From: H Carvey [mailto:keydet89 () yahoo com] 
> Sent: Tuesday, December 14, 2004 1:23 PM
> To: pen-test () securityfocus com
> Subject: Re: Password Audit tools
>
> In-Reply-To: <F20512AC-4D6C-11D9-BE00-000A95C0A77A () acumeninfosec com>
>
> > I've used Internet Security Scanner from ISS and really like it's
>
> > ability to pull users from NT domains and test common passwords, such
>
> > as username=password, password=password, etc.
>
> >
>
> > I've considered purchasing the consultant version of l0phtcrack LC5.
>
> >
>
> > Has anyone used LC5 and can anyone compare it to ISS?  
>
>
>
> I'm not sure that you can compare the two, really.  Look at 
> what L0phtcrack does...it's much, much more than simply 
> trying to guess a couple of common passwords.
>
>
>
> > Also are there
>
> > any OpenSource tools that can do these sorts of checks?
>
>
>
> Checks?  Hhhmm...not sure.  Password cracking...sure.  John 
> the Ripper, or ophcrack 
> (http://lasecwww.epfl.ch/~oechslin/projects/ophcrack/index.php
> ).  Ophcrack is something you should probably look at...
>
>
>
> H. Carvey
>
> "Windows Forensics and Incident Recovery"
>
> http://www.windows-ir.com