Penetration Testing mailing list archives

Re: Password Auditing


From: Nico Golde <fd () ngolde de>
Date: Sat, 5 May 2007 01:26:25 +0200

Hi,
* Mike Gibson <micheal.gibson () gmail com> [2007-05-04 21:07]:
> Can anyone recommend a good password auditing tool? Basically I
> want to identify weak passwords on my servers (Windows, Linux, Unix).
> Ideally this would be done by a tool that could remotely fetch
> the local password database and then attempt to brute force the
> passwords and prepare a report in a central location.
>
> Any suggestions?

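#include <unistd.h>
#include <crypt.h>   /* declares crypt() on glibc */
#include <stdio.h>

int main (int argc, char **argv){
    char *hash;

    if(argc != 3)
        return -1;

    /* argv[1] = user, argv[2] = password; "ab" is a fixed example
       two-character salt for traditional DES crypt */
    hash = crypt(argv[2], "ab");
    if(hash == NULL)
        return -1;

    /* one shadow(5)-style line: user:hash:lastchg:min:max:warn::: */
    printf("%s:%s:2305:0:99999:7:::\n", argv[1], hash);
    return 0;
}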

gcc file.c -o foo -lcrypt
./foo <user> <pass> > shadow
Use john to crack shadow and look how long it takes ;-P
Kind regards
Nico
-- 
Nico Golde - JAB: nion () jabber ccc de | GPG: 0x73647CFF
Forget about that mouse with 3/4/5 buttons -
gimme a keyboard with 103/104/105 keys!
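
Added example, not part of the original post: before any cracking run, an audit can classify each shadow entry by the scheme in its hash field and flag empty, DES-crypt and MD5-crypt entries. The function names and the sample entries below are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Name the scheme behind the hash field of a shadow(5) entry. */
const char *hash_scheme(const char *hash) {
    if (hash[0] == '\0') return "empty";
    if (hash[0] == '!' || hash[0] == '*') return "locked";
    if (strncmp(hash, "$1$", 3) == 0) return "md5crypt";
    if (strncmp(hash, "$2", 2) == 0) return "bcrypt";
    if (strncmp(hash, "$5$", 3) == 0) return "sha256crypt";
    if (strncmp(hash, "$6$", 3) == 0) return "sha512crypt";
    if (strncmp(hash, "$y$", 3) == 0) return "yescrypt";
    if (hash[0] != '$' && strlen(hash) == 13) return "descrypt";
    return "unknown";
}

/* Schemes an audit should flag regardless of password quality. */
int is_weak(const char *scheme) {
    return !strcmp(scheme, "empty") || !strcmp(scheme, "descrypt") ||
           !strcmp(scheme, "md5crypt");
}

/* Copy the user name out of "user:hash:..." and return the scheme,
   or NULL when the second ':' is missing or a field does not fit. */
const char *classify_line(const char *line, char *user, size_t ulen) {
    const char *c1 = strchr(line, ':');
    const char *c2 = c1 ? strchr(c1 + 1, ':') : NULL;
    char hash[256];
    if (!c2 || (size_t)(c1 - line) >= ulen) return NULL;
    size_t n = (size_t)(c2 - c1 - 1);
    if (n >= sizeof hash) return NULL;
    memcpy(user, line, (size_t)(c1 - line));
    user[c1 - line] = '\0';
    memcpy(hash, c1 + 1, n);
    hash[n] = '\0';
    return hash_scheme(hash);
}

int main(void) {
    /* Constructed entries; hash fields are placeholders, not real hashes. */
    const char *lines[] = { "alice:ab0123456789A:2305:0:99999:7:::",
                            "bob:$6$constructedsalt$constructedhash:2305:0:99999:7:::" };
    char user[64];
    for (size_t i = 0; i < 2; i++) {
        const char *s = classify_line(lines[i], user, sizeof user);
        if (s) printf("%-8s %-12s %s\n", user, s, is_weak(s) ? "WEAK" : "ok");
    }
    return 0;
}
```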
