Active Directory
Page 1 of 3 123 LastLast
Results 1 to 10 of 27

Thread: Active Directory

  1. #1

    Active Directory

    Hi guys, iv recently been playing with active directory, now i seem to have foun a way to find users who have a specified password...

    What you do is attemp to change the users password, which if the original password was incorrect will return an error, however if the oroginal password was correctly guessed there will bo no error and you know you were right.

    OK, so on the face of it this is no more than guessing a users password at the login prompt...

    This method has no password retry count, and could be used to a big affect by enumerating uses in a domain and checking for common passwords such as 'password' or the same password as the username...

    What i want to know is if there is a way to counter this?

    ---
    Thanks for reading
    Kieran Foot

  2. #2
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    The best way to counter this would be to

    use good passwords...or pass phrases

    Like

    "I bet you cant guess my password : )"

    Or are you looking for a way to lock this out...cause AFAIK by guessing wrong 5 times or so..by default will lock out the account...unless you are admin of course...and you can just reset anyones password...including admin

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  3. #3
    The above methos has no retry cound and thus allows for unlimited retry's, will there be a log file, or can i set a log to be used for such operations...

  4. #4
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Sorry...then

    I am not understanding how you are resetting the password in active directory.....

    Is this done on the server...or at the workstation??

    MLF

    edit>..do you have auditing set up ...cause I am pretty sure it would show up in the Eventlogs>Security Log as Failed
    How people treat you is their karma- how you react is yours-Wayne Dyer

  5. #5
    its done at the workstation, i have an example if you know VB, maybee you can look at it

  6. #6
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    What OS is the server??

    Cause my 2003 servers lock out users all the time when they need to reset thier passwords....


    MLF

    No I dont know VB...and I would not open a script for a stranger
    How people treat you is their karma- how you react is yours-Wayne Dyer

  7. #7
    they are 2003 servers, but as it is a college, users are allowed to change there own passwords...

    no i would post the code, i wouldnt expect anybody to run a script/program send by an unknown

  8. #8
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    So...your logged on at a workstation (as admin?) and can change users paswords in your AD?
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/

  9. #9
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    So you are telling me that it doesnt show up in the Security Log?? On the server??

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  10. #10
    you cannot reset anybody password unless you are an administrator, im not talking about re-setting anybody password.

    the above method uses the change password method, rather like changing your own password, you need the original to assert the change.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •