RE: Discovering Active Direcory users with blank passwords



Dump the passwords (pwdump, Abel and Cain...) from SAM and crack them.
Or use Microsoft's MBSA to recover weak passwords.

Alternate way is to use Hydra but since you have access to DC then that is
not necessary.

Goran Pizent



-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of igor.mamuzic@xxxxxxxxxxxxxx
Sent: 2. travanj 2007 18:43
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: Discovering Active Direcory users with blank passwords

Is there a way to discover Active Directory users with blank passwords if I
have domain admin privileges and local access to my domain controllers?

Best Regards,
Igor



Relevant Pages

  • RE: Discovering Active Direcory users with blank passwords
    ... Discovering Active Direcory users with blank passwords ... Is there a way to discover Active Directory users with blank passwords ... if I have domain admin privileges and local access to my domain ...
    (Focus-Microsoft)
  • Discovering Active Direcory shared or Service users account
    ... Discovering Active Direcory users with blank passwords ... Is there a way to discover Active Directory users with blank passwords if I have domain admin privileges and local access to my domain controllers? ...
    (Focus-Microsoft)
  • Re: What is the likelihood of password sniffing ?
    ... > When a lot of us send and receive email, we use 'clear text' passwords. ... especially local access to a monitor ... Privacy at a click: ... How many Bill Gates does it take to change a lightbulb? ...
    (alt.computer.security)
  • RE: Discovering Active Direcory users with blank passwords
    ... Dump the sam file and run a cracker. ... settings on any cracker will show the blank passwords immediately. ... Discovering Active Direcory users with blank passwords ... if I have domain admin privileges and local access to my domain ...
    (Focus-Microsoft)
  • Re: Discovering Active Direcory users with blank passwords
    ... Turn on password length of 6 and see who complains:P, that is if there is some ethical problem with cracking the sam file, but I do have to question why its not set to begin with. ... settings on any cracker will show the blank passwords immediately. ... Discovering Active Direcory users with blank passwords ... if I have domain admin privileges and local access to my domain ...
    (Focus-Microsoft)