Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Password Auditing

From: "John Babio" <jbabio () po-box esu edu>
Date: Fri, 4 May 2007 15:33:14 -0400
You could do John the ripper on your unix machines and windows. The best
program for windows boxes is l0phtcrack. LCP is a free "poormans"
l0phtcrack if you have no budget. Also Pwdumpv3 works great for windows
but you need a logon with admin privileges.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Mike Gibson
Sent: Friday, May 04, 2007 1:50 PM
To: pen-test () securityfocus com
Subject: Password Auditing

Can anyone recommend a good password auditing tool. Basically I want
to identify weak passwords on my servers (Windows, Linux, Unix).
Ideally this would be done by a tool that could remotely fetch the
local password database and then attempt to brute force the passwords
and prepare a report in a central location.

Any suggestions?

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: