From: Peter Wood (peterw@firstbase.co.uk)
Date: Tue Dec 14 2004 - 05:20:20 EST
For Windows boxes, we use L0phtcrack v4 (LC4) which works very well. We
haven't upgraded to v5 because of the price. We also use the freeware
LMcrack which is excellent (although the download has disappeared right
now). http://www.rainbowcrack.com/ is another good resource. We use pwdump3
or pwdump4 to overcome syskey.
Our experiences with ISS have not been very positive to be honest, and the
Internet Scanner does not really compete with real password crackers in any
way IMHO.
cheers
Pete
At 19:10 13/12/2004 -0600, Jeffrey M.Miller CISSP wrote:
>I've used Internet Security Scanner from ISS and really like it's ability
>to pull users from NT domains and test common passwords, such as
>username=password, password=password, etc.
>
>I've considered purchasing the consultant version of l0phtcrack LC5.
>
>Has anyone used LC5 and can anyone compare it to ISS? Also are there any
>OpenSource tools that can do these sorts of checks?
>
>Thanks
>
>J_
--------------------------------------------------------------------------------------------------------------------------------
Peter Wood FBCS CITP MIMIS MIEEE
Chief of Operations
First Base Technologies
+44 (0)1273 454525
www.fbtechies.co.uk
www.white-hats.co.uk
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:10 EDT