Results 1 to 10 of 10

Thread: Password Scanner

  1. #1
    Just burned his ISO
    Join Date
    Jul 2010
    Posts
    4

    Default Password Scanner

    Hey i am looking for a tool or maybe some type of feature in BT4/ linux that i can scan my network and find out the password complexity of users that are using windows. If i crack there passwords it not a big deal as long as i doesn't change them. Just want to see if our users are using strong passwords (btw i dont wanna do anything that will harm my network)

    Thanks

  2. #2
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default Re: Password Scanner

    Quote Originally Posted by k3y3n1n View Post
    Hey i am looking for a tool or maybe some type of feature in BT4/ linux that i can scan my network and find out the password complexity of users that are using windows. If i crack there passwords it not a big deal as long as i doesn't change them. Just want to see if our users are using strong passwords (btw i dont wanna do anything that will harm my network)
    Thanks
    Preserved for posterity

  3. #3
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: Password Scanner

    Do you really expect us to believe you ?
    From what you have told us, you have a LAN with users so that means you or someone must be the Administrator. These are basic knowledge for a LAN Administrator which clearly you do not have.
    And still even if you do not change the passwords or do any hard it is still illegal.
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  4. #4
    Good friend of the forums gunrunr's Avatar
    Join Date
    Jan 2010
    Location
    shining my spoon
    Posts
    265

    Default Re: Password Scanner

    If you were the system or network administrator you would have set the standards for choosing a strong enough password as well as when that applicable password would expire and have to be replaced. That information is usually in the security policy or passwords policy.

    At least he didn't say it was for a school project that his professor gave him.

    yo sickness..i want one too! would you settle for a sticker?
    Last edited by gunrunr; 07-07-2010 at 10:24 PM. Reason: added security policy comment
    Wielder of the spoon of doom
    Summercon, Toorcon, Defcon, Bsides, Derbycon, Shmoocon oh my
    Come hang out with hackers on twitter @gunrunr556

  5. #5
    Member macphail's Avatar
    Join Date
    Jun 2010
    Location
    East Coast, USA
    Posts
    164

    Default Re: Password Scanner

    Quote Originally Posted by sickness View Post
    ...And still even if you do not change the passwords or do any hard it is still illegal.
    @ sickness:
    NOT to comment on the OP's legitimacy in any way...however, that just isn't true. I'm a hired gun for some gov't thingee with a bunch of letters in its name and have a quarterly deliverable to do exactly that. Approximately 5-7% of all local accounts that are non-AD (and therefore outside the scope of GPO) are chosen for password auditing to verify compliance with complexity requirements. Graphs are drawn, reports are filed, executives point and grumble, the whole gig.
    -----------
    ~peace
    MacPhail

  6. #6
    Senior Member
    Join Date
    Jun 2007
    Location
    UK
    Posts
    175

    Default Re: Password Scanner

    try email all users with this question
    Q1 What is your password?

  7. #7
    Just burned his ISO arkantos's Avatar
    Join Date
    Jul 2009
    Location
    Manila
    Posts
    10

    Default Re: Password Scanner

    you can advise your clients to use strong complicated passwords instead of sniffing them

  8. #8
    Junior Member
    Join Date
    Apr 2009
    Location
    not telling
    Posts
    26

    Default Re: Password Scanner

    you can also enforce password policies on the OS itself as in min password length and complexity

  9. #9
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: Password Scanner

    Quote Originally Posted by macphail View Post
    @ sickness:
    NOT to comment on the OP's legitimacy in any way...however, that just isn't true. I'm a hired gun for some gov't thingee with a bunch of letters in its name and have a quarterly deliverable to do exactly that. Approximately 5-7% of all local accounts that are non-AD (and therefore outside the scope of GPO) are chosen for password auditing to verify compliance with complexity requirements. Graphs are drawn, reports are filed, executives point and grumble, the whole gig.
    Yes if you are hired to do that it's legal. I just told him in his case it's illegal.
    There's a difference between what you are doing and him.

    gunrunr I will order some stickers but I still want a T-shirt )
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  10. #10
    Just burned his ISO
    Join Date
    Jul 2010
    Posts
    4

    Default Re: Password Scanner

    haha ok i defiantly started some controversy here maybe i did word that wrong.. There are password complexity enforced through GP but this doesn't mean the password are strong. I found a tool on msdn that if you put the password it tells you what level of complexity it is weak, strong ect.. (this what I am kind of looking for)

    I shouldn't say i want to know the users password but maybe something that can scan and say user1 password weak user2 password strong like that.. I know Linux is extremely powerful and I though there might be some tool that can do this.

    Sorry for the bad wording I know how to get passwords that actually easy but in this case i don't want that i just to see if the users are using strong passwords, Because if they aren't means i have to change the policy to have longer characters and you know how people are when it comes to change and have to show auditors that we are enforcing this policy..
    Last edited by k3y3n1n; 07-12-2010 at 01:28 PM.

Similar Threads

  1. no vnc vuln scanner?
    By kooze in forum OLD BackTrack 3 Final
    Replies: 2
    Last Post: 09-16-2008, 08:27 AM
  2. angry ip scanner
    By overide in forum OLD Newbie Area
    Replies: 4
    Last Post: 03-29-2008, 11:58 PM
  3. New windows scanner
    By purehate in forum OLD General IT Discussion
    Replies: 5
    Last Post: 03-29-2008, 03:57 PM
  4. morpheus scanner
    By ragecyr in forum OLD General IT Discussion
    Replies: 5
    Last Post: 02-19-2008, 01:59 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •