From: Nicolas RUFF (nicolas.ruff@gmail.com)
Date: Sun Mar 11 2007 - 04:44:41 EST
> I have a win2003 server that I have been asked to test its password
> policy. I am new to this and was wondering what would be the best
> approach to gain access? It is in my local network and will be
> segregated from the rest of the network for testing. I would be using a
> remote machine to log in and not locally. What would be your suggestions?
Password policy can be found in Administrative Tools/[Local | Domain]
Security Policy.
What do you mean by "testing password policy" ?
Why do you need to gain access ? You'd better ask for an administrative
account and dump the SAM file into a password cracker (like LCP).
Given the default security policy of W2003 (anonymous account
enumeration blocked, password length over 7 and mixed characters
required), your chances to break in remotely without any additional
information are near zero.
Regards,
- Nicolas RUFF
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:39 EDT