Hey i am looking for a tool or maybe some type of feature in BT4/ linux that i can scan my network and find out the password complexity of users that are using windows. If i crack there passwords it not a big deal as long as i doesn't change them. Just want to see if our users are using strong passwords (btw i dont wanna do anything that will harm my network)
Do you really expect us to believe you ?
From what you have told us, you have a LAN with users so that means you or someone must be the Administrator. These are basic knowledge for a LAN Administrator which clearly you do not have.
And still even if you do not change the passwords or do any hard it is still illegal.
If you were the system or network administrator you would have set the standards for choosing a strong enough password as well as when that applicable password would expire and have to be replaced. That information is usually in the security policy or passwords policy.
At least he didn't say it was for a school project that his professor gave him.
yo sickness..i want one too! would you settle for a sticker?
Last edited by gunrunr; 07-07-2010 at 10:24 PM. Reason: added security policy comment
Wielder of the spoon of doom
Summercon, Toorcon, Defcon, Bsides, Derbycon, Shmoocon oh my
Come hang out with hackers on twitter @gunrunr556
NOT to comment on the OP's legitimacy in any way...however, that just isn't true. I'm a hired gun for some gov't thingee with a bunch of letters in its name and have a quarterly deliverable to do exactly that. Approximately 5-7% of all local accounts that are non-AD (and therefore outside the scope of GPO) are chosen for password auditing to verify compliance with complexity requirements. Graphs are drawn, reports are filed, executives point and grumble, the whole gig.
try email all users with this question
Q1 What is your password?
you can advise your clients to use strong complicated passwords instead of sniffing them
you can also enforce password policies on the OS itself as in min password length and complexity
haha ok i defiantly started some controversy here maybe i did word that wrong.. There are password complexity enforced through GP but this doesn't mean the password are strong. I found a tool on msdn that if you put the password it tells you what level of complexity it is weak, strong ect.. (this what I am kind of looking for)
I shouldn't say i want to know the users password but maybe something that can scan and say user1 password weak user2 password strong like that.. I know Linux is extremely powerful and I though there might be some tool that can do this.
Sorry for the bad wording I know how to get passwords that actually easy but in this case i don't want that i just to see if the users are using strong passwords, Because if they aren't means i have to change the policy to have longer characters and you know how people are when it comes to change and have to show auditors that we are enforcing this policy..
Last edited by k3y3n1n; 07-12-2010 at 01:28 PM.