
Thread: L0phtcrack 5

  1. #1
    Senior Member
    Join Date
    May 2002
    Posts
    256

    L0phtcrack 5

    Hey guys n gals, does anyone know of a program that is similar to LC5 that will allow someone to scan their internal network for weak passwords while being able to create some sort of ruleset to define "weak"?

    Essentially, this user I have wants to:

    1. Have a min and max length password
    2. Have no special characters in the 1st and last character
    3. Contains no dictionary words in the password

    They are trying to do a system audit on their machines to determine who needs to change their passwords. It's a govt. client, so that probably explains the weird rules.
    Sex is like "Social Security". You get a little each month, but it's not enough to live on.

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    For what OS? I know MS has a GINA plugin that will allow you to add some restrictions to what passwords are allowed (at least 4 letters and 3 digits, no dictionary words, part of the username in the password i.e.).

    If you're looking for something to crack hashes I think JohnTheRipper (unix passwd cracker) can also crack LM hashes. Another option is to go for Rainbow crack. Read the excellent tutorial by 3rr0r here
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    Although you can use a program such as John the Ripper (with extensions)
    http://www.openwall.com/john/

    I don't advise doing that.
    You need a password quality program, not a password cracker program. A program that will show you a report with users and the text like "guessed" or "cracked" but NOT the password in clear text. I, as a client, really dislike a test that really shows the password. It is not necessary to prove if the password is weak.

    Or you can suggest to your customer to use a product like this:
    http://www.littlecatz.com/defender_info.html (never tested this, though)
    My site

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.
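
The three rules from post #1, checked on a candidate password at change time (the restriction approach from post #2), with a report that names the broken rule but never the password, as post #3 asks. This is an added example, not code from the thread or from any product named in it; the length limits, word list, substitution table and function names are assumptions.

```python
# Added example: policy check that reports rule names only, never the password.
MIN_LEN, MAX_LEN = 8, 16   # assumed limits; the thread gives no numbers
MIN_WORD_LEN = 4           # skip very short dictionary words to limit false hits

# Constructed sample word list; a real check would load a full dictionary file.
DICTIONARY = {"password", "summer", "dragon", "welcome", "secret"}

# Undo common letter substitutions so "P@ssw0rd" is still seen as "password".
LEET = str.maketrans("0134578@$!", "oleastbasi")


def violations(pw, dictionary=DICTIONARY):
    """Return the names of the rules this password breaks (empty list = pass)."""
    found = []
    # Rule 1: minimum and maximum length.
    if not MIN_LEN <= len(pw) <= MAX_LEN:
        found.append("length")
    # Rule 2: first and last character must be a letter or digit.
    if pw and not (pw[0].isalnum() and pw[-1].isalnum()):
        found.append("special-at-edge")
    # Rule 3: no dictionary word anywhere inside, after normalization.
    norm = pw.lower().translate(LEET)
    if any(w in norm for w in dictionary if len(w) >= MIN_WORD_LEN):
        found.append("dictionary-word")
    return found


def report(candidates):
    """Map user -> broken rules. The password itself never enters the report."""
    return {user: violations(pw) for user, pw in candidates.items()}


if __name__ == "__main__":
    # Constructed sample input, as a change-time filter would see it.
    sample = {
        "alice": "Tr7!vq#Lm2x",
        "bob": "!Summer2024",
        "carol": "P@ssw0rd",
        "dave": "x9",
    }
    for user, broken in report(sample).items():
        print(f"{user:6} {'WEAK: ' + ', '.join(broken) if broken else 'ok'}")
```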

  4. #4
    Senior Member
    Join Date
    May 2002
    Posts
    256
    Kudos to cacosapo, thanks for that info. I have suggested the client to use this program. I will let you know what turns up.

  5. #5
    Senior Member
    Join Date
    Sep 2003
    Posts
    500
    From 3rrors report
    http://sarcaprj.wayreth.eu.org/
    You shall no longer take things at second or third hand,
    nor look through the eyes of the dead...You shall listen to all
    sides and filter them for your self.
    -Walt Whitman-

  6. #6
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    Cain and Abel is a pretty good one too...except that it might be picked up as a Trojan.

  7. #7
    Senior since the 3 dot era
    Join Date
    Nov 2001
    Posts
    1,542
    Like SirDice said, making restrictions on what kind of passwords can be used is also a good step toward more secure passwords.
