Re: To detect weak or blank password?

From: Valery Pryamikov (valery_at_harper.no)
Date: 11/29/05


Date: Tue, 29 Nov 2005 20:34:44 +0100

You can download and check the source code of pwdump2:
http://www.bindview.com/Services/razor/Utilities/Windows/pwdump2_readme.cfm

-Valery.
http://www.harper.no/valery

"Sam Hobbs" <samuel@social.rr.com_change_social_to_socal> wrote in message
news:u7Ib3nD9FHA.2364@TK2MSFTNGP12.phx.gbl...
> Thank you, Valery. I don't know if Vladimir can use this; I hope Vladimir
> can. I think I can use it.
>
> I am not sure I can figure out how to inject code into LSASS but I am
> confident I can figure it out. I have written system-wide hooks and I have
> seen articles describing other methods of injecting code. I think it is
> better to provide as little sample code as possible for things like that
> because it is the kind of thing that is dangerous for beginners.
>
> The hardest part is the list of passwords to check for, but your
> suggestion to inject code into LSASS is enough to point me in a good
> direction. I think it is enough for me.
>
>
> "Valery Pryamikov" <valery@harper.no> wrote in message
> news:eZ1L1M35FHA.3760@TK2MSFTNGP14.phx.gbl...
>> If you inject code in LSASS (as it is done in pwdump2) then you have
>> access to password hashes (md4) and cached domain credentials (md5(domain
>> || username || md4passwordhash)). After that you can do a simple check of
>> weak passwords - e.g. by comparing with hashes of an empty password, a couple
>> of hundred of the most often used passwords (as it was done in some of the
>> viruses about 5-6 years ago, don't recall that virus name) and some
>> combinations of computer name, user name, some dates and their combinations
>> with a couple of hundred of the most usual passwords. If you run something like
>> 10000-20000 hash comparisons - it will be acceptable performance and good
>> accuracy of the test.
>>
>> -Valery.
>> http://www.harper.no/valery
>>
>> "Vladimir Nechipurenko" <vladnech@ua.fm> wrote in message
>> news:Ox35woH5FHA.2816@tk2msftngp13.phx.gbl...
>>> There is no way, except to change the passwords, but the performance is
>>> very bad.
>>> We asked the customer to cancel this requirement :(
>>>
>>> Maybe there is some undocumented function, but who knows, except the MS
>>> guys
>>>
>>> Thanks all for the participation
>>> Vladimir Nechipurenko
>>>
>>
>
>


