Re: Password Auditing

From: Christine Kronberg (seeker@shalla.de)
Date: Sun May 06 2007 - 03:45:35 EDT


On Fri, 4 May 2007, Mike Gibson wrote:
>
> Can anyone recommend a good password auditing tool? Basically I want
> to identify weak passwords on my servers (Windows, Linux, Unix).
> Ideally this would be done by a tool that could remotely fetch the
> local password database and then attempt to brute force the passwords
> and prepare a report in a central location.
>
> Any suggestions?

   I just did something similar for a customer. Basically I used
   john plus a dictionary and some handwork to create a reporting
   script. It was not an all-in-one solution but therefore had some
   more flexibility. Once you defined the specs you are looking
   for, such a reporting script is easily written.
   Depending on what you define as "weak" using rainbow tables may
   serve your purpose better.

   Cheers,

   Christine Kronberg.
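
The kind of reporting script described in the reply above, as an added example that is not part of the original message and not the author's script. It assumes `john --show` was run on Unix passwd-format files collected per host; the host names, accounts, passwords and "weak" rules are constructed for illustration.

```python
import re
from collections import Counter
# Constructed `john --show` output for two hypothetical hosts (not real data).
SAMPLE = {
    "web01": "alice:alice:1001:1001::/home/alice:/bin/bash\n"
             "bob:summer07:1002:1002::/home/bob:/bin/bash\n"
             "\n2 password hashes cracked, 3 left\n",
    "db01": "carol:Tr0ub:4dor&3x:1001:1001::/home/carol:/bin/sh\n"
            "\n1 password hash cracked, 4 left\n",
}
SUMMARY = re.compile(r"^(\d+) password hash(?:es)? cracked, (\d+) left$")

def classify(user, password, min_len=8):
    """Reasons a cracked password fails the spec (the rules are assumptions)."""
    reasons = []
    if password.lower() == user.lower():
        reasons.append("same-as-username")
    if len(password) < min_len:
        reasons.append("shorter-than-%d" % min_len)
    if password.isalpha() or password.isdigit():
        reasons.append("single-character-class")
    return reasons or ["cracked-other"]

def parse_show(text):
    """Parse one host's output into (findings, cracked, left)."""
    findings, cracked, left = [], 0, 0
    for line in text.splitlines():
        m = SUMMARY.match(line.strip())
        if m:
            cracked, left = int(m.group(1)), int(m.group(2))
        elif line.count(":") >= 6:
            user, rest = line.split(":", 1)
            # passwd format: five fields follow the password, so split from the
            # right (a ':' in the password survives). Cleartext is not reported.
            password = rest.rsplit(":", 5)[0]
            findings.append((user, classify(user, password)))
    return findings, cracked, left

def build_report(outputs):
    """Central report: per-host findings plus a count of each reason."""
    report, totals = {}, Counter()
    for host, text in sorted(outputs.items()):
        findings, cracked, left = parse_show(text)
        report[host] = {"cracked": cracked, "left": left, "accounts": findings}
        for _, reasons in findings:
            totals.update(reasons)
    return report, totals

if __name__ == "__main__":
    print(build_report(SAMPLE))
```

The report records only why each cracked password failed the spec, so it can be stored centrally without carrying the recovered passwords.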




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:46 EDT