Re: To detect weak or blank password?
From: Valery Pryamikov (valery_at_harper.no)
Date: Tue, 29 Nov 2005 20:34:44 +0100
you can download and check source code of pwdump2:
"Sam Hobbs" <firstname.lastname@example.org_change_social_to_socal> wrote in message
> Thank you, Valery. I don't know if Vladimir can use this; I hope Vladimir
> can. I think I can use it.
> I am not sure I can figure out how to inject code into LSASS but I am
> confident I can figure it out. I have written system-wide hooks and I have
> seen articles describing other methods of injecting code. I think it is
> better to provide as little sample code as possible for things like that
> because it is the kind of thing that is dangerous for beginners.
> The hardest part is the list of passwords to check for, but your
> suggestion to inject code into LSASS is enough to pont me to a good
> direction. I think it is enough for me.
> "Valery Pryamikov" <email@example.com> wrote in message
>> If you inject code in LSASS (as it is done in pwdump2) then you have
>> access to password hashes (md4) and cached domain credentials (md5(domain
>> || username || md4passwordhash)). after that you can do a simple check of
>> weak passwords - eg. by comparing with hashes of empty password, a couple
>> of hundreds of most often used password (as it was done in some of the
>> viruses about 5-6 years ago, don't recall that virus name) and some
>> combination of computername, user name, some dates and their combinations
>> with couple of hundreds most usual passwords. If you run something like
>> 10000-20000 hash comparisons - it will be acceptable performance and good
>> accuracy of the test.
>> "Vladimir Nechipurenko" <firstname.lastname@example.org> wrote in message
>>> There is not way, except to change the passwords, but the performance is
>>> very bad.
>>> We asked customer to cancel this requirement :(
>>> May be there is some not-documented function, but who knows, except MS
>>> Thanks all for the participation
>>> Vladimir Nechipurenko