Re: Highlighting weak password dangers
- From: Manuel Arostegui Ramirez <manuel@xxxxxxxxxxxxxx>
- Date: Thu, 25 Jan 2007 22:37:06 +0100
El Miércoles, 24 de Enero de 2007 18:15, WALI escribió:
I want to highlight the danger of using weak passwords on servers and users
admin desktops. I have tested TSgrinder with a basic dictionary Brute Force
to access Remote Desktop exploit on both servers and desktops. The problem
here is that when connected to domain, the Account Lockout feature disables
the account quite soon. I can only show the exploit on machines not
connected to the domain where Domain Security policy doesn't flow down.
What are other interesting and intriguing ways to present this problem? I
also need a system to do Passwords Audit on my domain and make then 'secure
password' policy compliance.
Try Babel Enterprise, it runs on Linux, Windows (XP, 2003 Server, 2000) and
most Unix (HP-UX, AIX...)
http://babel.sourceforge.net/en/index.php
Hope this helps.
--
Manuel Arostegui Ramirez.
Electronic Mail is not secure, may not be read every day, and should not
be used for urgent or sensitive issues.
- References:
- Port 8081 mystery
- From: WALI
- Highlighting weak password dangers
- From: WALI
- Port 8081 mystery
- Prev by Date: RE: Notebook policy (need advice)
- Next by Date: RE: Highlighting weak password dangers
- Previous by thread: RE: Highlighting weak password dangers
- Next by thread: Re: Highlighting weak password dangers
- Index(es):
Relevant Pages
|
