|
Penetration Testing
mailing list archives
Re: [PEN-TEST] Expand right under Win2K
From: "Barber, Chris" <cbarber () ESTGSECURITY COM>
Date: Thu, 11 Jan 2001 16:21:13 -0500
I just ran Cybercop 5.5 against an NT4 SP6a network and it was able to
detect easily guessable passwords (i.e. password, default, blank, ETC.,
INCLUDING password = username).
Keep it up to date because I know that the Dictionary grows with each
update.
Chris
-----Original Message-----
From: Nelson [mailto:stderr () UNREAL SEKURE ORG]
Sent: Thursday, January 11, 2001 2:45 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] Expand right under Win2K
On Thu, 11 Jan 2001, Beauregard, Claude Q wrote:
If I remember corectly Cybercop incorporates a password cracker that
doesn't
require access to the SAM file but I believe this is for NT 3.51 and 4.0.
However I assume they are keeping up with Win2k so they may have
incorporated some changes.
In version 5.5, Cybercop has the ability to Crack UNIX passwords only, but
it has a tool named "SMBGrind", that can do a "Dictonary Attack" against
NTLM Auth, i believe.
But, in the same version, 5.5, the Cybercop Scanner can test if lsasecrets
can be obtained. I can remember, but in the last test I made, was possible
to obtain "lsasecrets" against WinNT SP5. Hmmm... I don't know...
Sem mais,
--
Nelson Brito
Security Analyst && Penetration Tester
Security Networks AG / IBQN - http://www.secunet.de/
 By Date 
By Thread
Current thread:
- Re: [PEN-TEST] Expand right under Win2K, (continued)
|
Intro
