Re: user default password checking tool
- From: Ahmouda <lesommetdumonde@xxxxxxxxx>
- Date: Fri, 29 Sep 2006 00:35:07 +0200
Hello
I suggest that you change default password to somethings like something<charUpper>%<second> (exemple
for vijay shetti : vjS%28 (when 28 is actual seconds numbers) then if you create password for the same user in
different time (seconds ) it will be different .
for the second issue ;if you have Unix or Linux System you can use John the ripper with rules option to detect if some
users are missing their pass default .you must use rules because you can specify that the pass contains 123 and this will crack only password not changed .
regards
Ahmed
Mario A. Spinthiras a écrit :
Josh Parker wrote:If you are in an Windows 2003/2000 domain enviroment, you can simplyImplementing such a tool wouldn't be the best of options unless the tool knows each user account by name. If it doesn't to check 123 in a password your looking at brute forcing. I do not know how a domain stores passwords but id like to think M$ has taken the big leap of encryption. (forgive me im micro$oft ignorant).
setup option on the acount to Force a user to change there password
upon the next login. To keep the user from using the same password,
you can set Password History to remember the last password, (the last
3 passwords is a good recomendation) You can also set it to require
complex passwords when they change there password. You can also set
the password age, so they have to change it after a sertain amount of
days.
Hope that helps
JOsh
On 9/14/06, vijay shetti <vijay.shetti@xxxxxxxxx> wrote:hello all!!
In my company when we create a new user he is given an initial
password.But then he is told to change the password.The password is
initial of the employee name followed by 123..
for vijay shetti it willl be vs123...
We have a domain based environment.I want to check now how many users
have not changed their initial password using some tool that gives me
list of usernames whose password has 123 in the end.
We follow the same procedure for creating outlook mail password.If
there is any tool/script that also helps me find out this then it will
greatly help me.
Waiting for your reply,
Pavan.
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
If I were to do it id do something like this :
Create a script that logs on to the domain controller , gets a list of users , and their names. E.G
Mario Spinthiras login: mario.s pass: xj1KZH0VAw4ko
Then my script would break the name into an array , take the first array entry and grab its leftmost character , i.e array[0] would be Mario , so we take left(mario,0) which would mean M.
Then do the same with the Surname , in order to get "S".
Then add them together in a string like this with a trailing 123 = MS123
Then try to auth it with the encrypted password you have. If it matches , then the user must change his/her password.
If it does not match , then the user has changed his/her password.
Simply loop this on all accounts and it should be fine. Use VBS or something. Perl should help too.
Its as simple as it sounds.
Many Thanks,
Mario A. Spinthiras
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
- References:
- user default password checking tool
- From: vijay shetti
- Re: user default password checking tool
- From: Josh Parker
- Re: user default password checking tool
- From: Mario A. Spinthiras
- user default password checking tool
- Prev by Date: Re: How to find process behing TCP connection ?
- Next by Date: Re: How to find process behing TCP connection ?
- Previous by thread: Re: user default password checking tool
- Next by thread: Re: user default password checking tool
- Index(es):
Relevant Pages
|
|
