Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Penetration Testing: Re: [PEN-TEST] Expand right under Win2K

Re: [PEN-TEST] Expand right under Win2K

From: Barber, Chris <cbarber_at_ESTGSECURITY.COM>
Date: Thu, 11 Jan 2001 16:21:13 -0500

I just ran Cybercop 5.5 against an NT4 SP6a network and it was able to
detect easily guessable passwords (i.e. password, default, blank, ETC.,
INCLUDING password = username).

Keep it up to date because I know that the Dictionary grows with each
update.

Chris

-----Original Message-----
From: Nelson [mailto:stderr_at_UNREAL.SEKURE.ORG]
Sent: Thursday, January 11, 2001 2:45 PM
To: PEN-TEST_at_SECURITYFOCUS.COM
Subject: Re: [PEN-TEST] Expand right under Win2K

On Thu, 11 Jan 2001, Beauregard, Claude Q wrote:

> If I remember corectly Cybercop incorporates a password cracker that
doesn't
> require access to the SAM file but I believe this is for NT 3.51 and 4.0.
> However I assume they are keeping up with Win2k so they may have
> incorporated some changes.

In version 5.5, Cybercop has the ability to Crack UNIX passwords only, but
it has a tool named "SMBGrind", that can do a "Dictonary Attack" against
NTLM Auth, i believe.

But, in the same version, 5.5, the Cybercop Scanner can test if lsasecrets
can be obtained. I can remember, but in the last test I made, was possible
to obtain "lsasecrets" against WinNT SP5. Hmmm... I don't know...

Sem mais, 

--
Nelson Brito
Security Analyst && Penetration Tester
Security Networks AG / IBQN - http://www.secunet.de/
Received on Jan 11 2001
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos