Home
Topics
Microsoft Windows Server Management
Windows Server and Network Security
Step 2: Tools you should use for Windows password testing

Step 2: Tools you should use for Windows password testing

In the past, testing for Windows-based password weaknesses was somewhat difficult if not downright painful. However, new tools and cracking techniques have emerged in both freeware and commercial applications recently that help streamline the process and actually make it kind of fun.

In order to effectively accomplish the tasks outlined in the methodology above, it takes various tools. The following tools should at least be on your radar if not in your security toolbox:

Requires Free Membership to View

Login

By submitting you agree to receive email communications from
TechTarget and its partners. Privacy Policy Terms of Use.

Brutus for e-mail, telnet, etc. passwords (an absolute must)
Cain & Abel for LM- and NTLM-hashed Windows passwords, Wireless Zero Configuration passwords, PWL files, RDP files, SQL hashes, and more
Effective File Search for searching passwords in network files (i.e. searching for "password" in .txt, .doc, .xls, etc. files)
John the Ripper for LM-hashed Windows passwords
Microsoft Baseline Security Analyzer (MBSA) for missing and weak passwords
NetBIOS Auditing Tool for Windows share passwords
Proactive Password Auditor for LM- and NTLM-hashed Windows passwords and rainbow tables support
Proactive System Password Recovery for RAS, PWL files, service accounts, and more
pwdump3e for dumping Windows password hashes
pwdump4 for dumping Windows password hashes
TSGrinder for Terminal Services passwords

Using these tools in an ethical hacking methodology to find weak passwords on your Windows-based network is both an art and a science. I encourage you to check out the free password hacking chapter from my book Hacking For Dummies for more specifics.

Cracking network passwords

Home: Introduction
Step 1: Ethical hacking methodology
Step 2: Tools you should use
Step 3: What good are your findings?

ABOUT THE AUTHOR
Kevin Beaver is an information security consultant, keynote speaker, and expert witness with Atlanta-based Principle Logic, LLC where he specializes in performing independent security assessments.

More News and Tutorials

Articles

Related glossary terms

Terms for Whatis.com - the technology online dictionary

This was first published in December 2005

Join the conversationComment

Share

Comments

Results

Contribute to the conversation

All fields are required. Comments will appear at the bottom of the article.

More from Related TechTarget Sites

Server Virtualization
Cloud computing
Exchange
SQL Server
Windows IT
Enterprise Desktop
Virtual Desktop

Server Virtualization
- How can I enable automated VM resource provisioning?
  
  As with many other facets of virtualization, VM resource allocation is becoming automated. Find out what tools you can use for automated provisioning.
- Columbia Sportswear's move from virtualization to private cloud computing
  
  Columbia Sportswear parlayed server virtualization into a private cloud. Along the way, it found that its management tools needed serious rethinking.
- Power management a must for oVirt high availability
  
  Dodge dreaded downtime by enabling power management in your oVirt 3.1 environment.
Cloud computing
- Google Compute Engine prices on par with AWS -- for now
  
  Conventional wisdom has Google and AWS locked in the Price War of the Titans with the launch of GCE, but a deeper look reveals a different truth.
- Limiting the effects of cloud computing outages
  
  After making the case for cloud based on high availability, IT pros are upset by cloud outages. With planning, there are ways to craft a strategy.
- Amazon Redshift an appealing alternative to on-premises data warehouse
  
  Amazon Redshift has intriguing pricing and features, but beware of its differences from a traditional, on-premises data warehouse.
Exchange
- Configuring federation proxy servers for a hybrid Office 365 deployment
  
  Part of the hybrid Office 365 single sign-on configuration process is correctly setting up federation proxy servers. Here's how.
- Exchange 2013 anti-malware protection: Will you need anything else?
  
  Trusting native Exchange 2013 anti-malware protection to protect your environment is an option, but that doesn't necessarily mean it's the best one.
- Exchange 2013 CU1 migration considerations
  
  Before migrating to Exchange 2013 CU1, you should know about some of the most important updates and how they'll affect your environment.
SQL Server
- Adam Machanic talks SQL Saturday
  
  We caught up with Adam Machanic, group leader of the New England SQL Server user group, at SQL Saturday Boston. Find out what he shared with us.
- SQL Server meets database application security
  
  Make sure your SQL Server is secure by studying these general guidelines for secure database applications from SQL Server expert Roman Rehak.
- xVelocity Columnstore Indexes in SQL Server 2012
  
  Curious about how xVelocity can help with your columnstore indexes? Check out this tip from Basit Farooq to find out.
Windows IT
- Prepare for a SharePoint 2013 upgrade with five tips
  
  Considering an upgrade to SharePoint 2013? Find out the answers to the most common questions IT pros will ask before making the jump.
- Prioritize your IT tasks and finally conquer your to-do list
  
  It's easy to feel overwhelmed by a growing to-do list of IT tasks, but there are easy ways you can decide what to tackle first and what can wait.
- What to know to create Exchange 2013 site mailboxes with SharePoint
  
  Exchange 2013 site mailboxes tie SharePoint and Exchange 2013 together. Setup can be tricky, but understanding these five aspects can help.
Enterprise Desktop
- Why a Windows security scan is not enough to protect your workstations
  
  A traditional Windows security scan may lure IT into complacency about desktop vulnerabilities, so look at four areas to beef up Windows security.
- Microsoft addresses legacy apps with Windows 8 app compatibility tools
  
  New operating systems are always accompanied by compatibility concerns. Windows 8 app compatibility is no different, or is it?
- How to protect Windows startup from a compressed Boot Manager file
  
  This week, our expert answers a question on how a hidden file can hinder the Windows startup process and how to restore the Windows Boot Manager.
Virtual Desktop
- How Microsoft RDP 8.0 addresses WAN, graphics shortcomings
  
  Microsoft's Remote Desktop Protocol improves the user experience with the release of RDP 8.0 in Windows Server 2012, but there are some limitations.
- Making Citrix XenDesktop play nice with a VMware hypervisor
  
  You can run XenDesktop on a VMware hypervisor, but what does that entail? Learn how clustering and vCenter Server work in a mixed VDI environment.
- Four frustrating changes to Remote Desktop Services 2012
  
  Remote Desktop Services 2012 is missing the old Remote Control feature from 2008 R2, and there are some added requirements to the platform.

All Rights Reserved,Copyright - 2013, TechTarget