Re: Password Audit tools

miguel.dilaj_at_pharma.novartis.com
Date: 12/14/04

  • Next message: Joe Smith: "RE: Laptop Considerations" 
    To: pen-test@securityfocus.com
Date: Tue, 14 Dec 2004 09:25:12 +0000

    Hi Jeffrey,

    Well, it's plenty of password auditing tools out there that will save you
    money. On the other hand, LC5 has the fastest LM engine.
    If time isn't an issue, and you wish to save money, go for John the Ripper
    (http://www.openwall.com/), or my preferred "advanced" tool: Lepton's
    Crack (http://freshmeat.net/lcrack/). Both of them can run on Linux,
    Windows via Cygwin (lcrack), DOS/Windows CLI (JtR), and even VC++ (lcrack,
    development branch).
    The algorithms supported vary, but you'll have LM and NTLM at least (JtR
    requires patching, and for lcrack you've to use the development branch, at
    least until Lepton and myself have the time to port the LM stuff into the
    stable one).
    If you want a Windows GUI tool, go for Cain (http://www.oxid.it/). It's a
    pity that it requires administrative access to run, even if you don't plan
    to do network sniffing.
    An extra link for the same price (be sure to visit it):
    http://www.nestonline.com/lcrack/lcexp1.html
    If you want, I can email you a paper I wrote about password cracking using
    a cluster (I know: I've to put it on a web!).
    Cheers,

    Miguel Dilaj (Nekromancer)
    Vice-President of IT Security Research, OISSG

    "Jeffrey M.Miller CISSP" <jmiller@acumeninfosec.com>
    14/12/2004 01:10

     
            To: pen-test@securityfocus.com
            cc: (bcc: Miguel Dilaj/PH/Novartis)
            Subject: Password Audit tools

    I've used Internet Security Scanner from ISS and really like it's
    ability to pull users from NT domains and test common passwords, such
    as username=password, password=password, etc.

    I've considered purchasing the consultant version of l0phtcrack LC5.

    Has anyone used LC5 and can anyone compare it to ISS? Also are there
    any OpenSource tools that can do these sorts of checks?

    Thanks

    J_

  • Next message: Joe Smith: "RE: Laptop Considerations"