From: John Babio (jbabio@po-box.esu.edu)
Date: Fri May 04 2007 - 15:33:14 EDT
You could do John the ripper on your unix machines and windows. The best
program for windows boxes is l0phtcrack. LCP is a free "poormans"
l0phtcrack if you have no budget. Also Pwdumpv3 works great for windows
but you need a logon with admin privileges.
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Mike Gibson
Sent: Friday, May 04, 2007 1:50 PM
To: pen-test@securityfocus.com
Subject: Password Auditing
Can anyone recommend a good password auditing tool. Basically I want
to identify weak passwords on my servers (Windows, Linux, Unix).
Ideally this would be done by a tool that could remotely fetch the
local password database and then attempt to brute force the passwords
and prepare a report in a central location.
Any suggestions?
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!
http://www.cenzic.com/c/2020
------------------------------------------------------------------------
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!
http://www.cenzic.com/c/2020
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:46 EDT