In the past, testing for Windows-based password weaknesses was somewhat difficult, if not downright painful. Recently, however, new tools and cracking techniques have emerged, both freeware and commercial, that help streamline the process and actually make it kind of fun.
Accomplishing the tasks outlined in the methodology above takes a variety of tools. The following should at least be on your radar, if not in your security toolbox:
- Brutus for e-mail, telnet, etc. passwords (an absolute must)
- Cain & Abel for LM- and NTLM-hashed Windows passwords, Wireless Zero Configuration passwords, PWL files, RDP files, SQL hashes, and more
- Effective File Search for searching passwords in network files (i.e. searching for "password" in .txt, .doc, .xls, etc. files)
- John the Ripper for LM-hashed Windows passwords
- Microsoft Baseline Security Analyzer (MBSA) for missing and weak passwords
- NetBIOS Auditing Tool for Windows share passwords
- Proactive Password Auditor for LM- and NTLM-hashed Windows passwords and rainbow tables support
- Proactive System Password Recovery for RAS, PWL files, service accounts, and more
- pwdump3e for dumping Windows password hashes
- pwdump4 for dumping Windows password hashes
- TSGrinder for Terminal Services passwords
Using these tools in an ethical hacking methodology to find weak passwords on your Windows-based network is both an art and a science. I encourage you to check out the free password hacking chapter from my book Hacking For Dummies for more specifics.
ABOUT THE AUTHOR
Kevin Beaver is an information security consultant, keynote speaker, and expert witness with Atlanta-based Principle Logic, LLC where he specializes in performing independent security assessments.
This was first published in December 2005