From: Dan Connelly (connellyd@gmail.com)
Date: Tue Dec 14 2004 - 07:25:27 EST
Internet Scanner does a good job of enumerating accounts on a Windows
Domain(using netbios and null sessions) but if you tried to brute
force/dictionary every account that it found the scan would take a
VERY long time to complete. If you are trying to pw crack through a
service (ftp,telnet,http...), use hydra otherwise use LC or John the
Ripper.
BTW, Nessus also does a good job enumerating accounts, and its free ;)
Dan
On Mon, 13 Dec 2004 19:10:29 -0600, Jeffrey M. Miller CISSP
<jmiller@acumeninfosec.com> wrote:
> I've used Internet Security Scanner from ISS and really like it's
> ability to pull users from NT domains and test common passwords, such
> as username=password, password=password, etc.
>
> I've considered purchasing the consultant version of l0phtcrack LC5.
>
> Has anyone used LC5 and can anyone compare it to ISS? Also are there
> any OpenSource tools that can do these sorts of checks?
>
> Thanks
>
> J_
>
>
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:10 EDT