Penetration Testing mailing list archives
Re: Password Auditing
From: Nico Golde <fd () ngolde de>
Date: Sat, 5 May 2007 01:26:25 +0200
Hi, * Mike Gibson <micheal.gibson () gmail com> [2007-05-04 21:07]:
Can anyone recommend a good password auditing tool. Basically I want to identify weak passwords on my servers (Windows, Linux, Unix). Ideally this would be done by a tool that could remotely fetch the local password database and then attempt to brute force the passwords and prepare a report in a central location. Any suggestions?
#include <unistd.h> #include <stdio.h> int main (int argc, char **argv){ if(argc != 3) return -1; printf("%s:%s:2305:0:99999:7:::\n", user, crypt(argv[1],argv[2])); return 0; } gcc -lcrypt file.c -o foo ./foo <user> <pass> > shadow Use john to crack shadow and look how long it takes ;-P Kind regards Nico -- Nico Golde - JAB: nion () jabber ccc de | GPG: 0x73647CFF Forget about that mouse with 3/4/5 buttons - gimme a keyboard with 103/104/105 keys!
Attachment:
_bin
Description:
Current thread:
- Password Auditing Mike Gibson (May 04)
- RE: Password Auditing Beauchamp, Brian (May 04)
- RE: Password Auditing John Babio (May 04)
- Re: Password Auditing Manuel Arostegui Ramirez (May 04)
- RE: Password Auditing Ken Kousky (May 05)
- Re: Password Auditing kevin (May 04)
- Re: Password Auditing Nico Golde (May 04)
- Re: Password Auditing crazy frog crazy frog (May 06)
- Re: Password Auditing rajat swarup (May 07)
- Re: Password Auditing Christine Kronberg (May 07)
- <Possible follow-ups>
- RE: Password Auditing Brungardt, Jill (May 04)
- Re: Password Auditing kevin.horvath (May 07)