Re: Password Auditing

From: kevin (toggmeister@vulnerabilityassessment.co.uk)
Date: Fri May 04 2007 - 17:00:08 EDT


Mike,
    There are so many password crackers these days that can do this, try
some of these in the first instance:

John The Ripper
LC5 (Albeit difficult to get hold of due to export restrictions)
Medusa
LCP
pwdump (deprecated by the following)
fgdump
Rainbowcrack
oat/ oscanner/ orabf/ checkpwd for oracle
piggy for sql (if I remember correctly)
scully for sql/ mysql

Rgds

Kev
http://www.vulnerabilityassessment.co.uk

----- Original Message -----
From: "Mike Gibson" <micheal.gibson@gmail.com>
To: <>
Sent: Friday, May 04, 2007 6:50 PM
Subject: Password Auditing

> Can anyone recommend a good password auditing tool. Basically I want
> to identify weak passwords on my servers (Windows, Linux, Unix).
> Ideally this would be done by a tool that could remotely fetch the
> local password database and then attempt to brute force the passwords
> and prepare a report in a central location.
>
> Any suggestions?
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Are you using SPI, Watchfire or WhiteHat?
> Consider getting clear vision with Cenzic
> See HOW Now with our 20/20 program!
>
> http://www.cenzic.com/c/2020
> ------------------------------------------------------------------------
>

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:46 EDT