Looking for a secure way to audit AD passwords using backtrack

[koning]

Hi all, is it possible to use one of the tools in Backtrack 5 to do a password audit in an Active Directory of which I have the administrator password?

I have permission from management of a customer to do this to check newly rolled out policies, but they do not want to fork out $500 for l0phtcrack. Is there anything similar in Backtrack?

[lupin]

Hi all, is it possible to use one of the tools in Backtrack 5 to do a password audit in an Active Directory of which I have the administrator password?

I have permission from management of a customer to do this to check newly rolled out policies, but they do not want to fork out $500 for l0phtcrack. Is there anything similar in Backtrack?

Assuming you have dumped the password hashes from one of the Domain Controllers using something like fgdump you can use john the ripper, included on Backtrack, to actually crack those hashes. Someone here (bofh28) wrote a really kick ass guide to password cracking that you might want to refer to.

[koning]

Thanks mate, very promising, but I can't see the attachment... any idea? is the actual document gone?

When I click on attachments (2 showing on mouseover) in the topic list, The next page tells me there are no available attachments...

Would love to get that document though

[lupin]

Yeah I know its a little hard to find. From memory, Pureh@te was hosting it on his site, which led me to the following which I think is the right document:

http://tools.question-defense.com/Cr...ords_Guide.pdf

[koning]

Thanks for your help mate... I've got some reading to do now :-)