From: Nico Golde (fd@ngolde.de)
Date: Fri May 04 2007 - 19:26:25 EDT
Hi,
* Mike Gibson <micheal.gibson@gmail.com> [2007-05-04 21:07]:
> Can anyone recommend a good password auditing tool. Basically I
> want to identify weak passwords on my servers (Windows, Linux, Unix).
> Ideally this would be done by a tool that could remotely fetch
> the local password database and then attempt to brute force the
> passwords and prepare a report in a central location.
>
> Any suggestions?
#include <unistd.h>
#include <stdio.h>
int main (int argc, char **argv){
if(argc != 3)
return -1;
printf("%s:%s:2305:0:99999:7:::\n", user, crypt(argv[1],argv[2]));
return 0;
}
gcc -lcrypt file.c -o foo
./foo <user> <pass> > shadow
Use john to crack shadow and look how long it takes ;-P
Kind regards
Nico
-- Nico Golde - JAB: nion@jabber.ccc.de | GPG: 0x73647CFF Forget about that mouse with 3/4/5 buttons - gimme a keyboard with 103/104/105 keys!
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:46 EDT