Penetration Testing: RE: Password Audit tools

["Paris E. Stone" <pstone () alhurra com>]

Google up "Rainbow Tables"

Then stop using anything else.

~~~~~
Paris E. Stone, "Linux Zealot"
CISSP, CCNP, CNE, MCSE, CIW Master Administrator
~~~~~
"Not all who wander are lost."
J.R.R.T.

-----Original Message-----
From: Christian Martorella [mailto:laramies2k () yahoo com ar] 
Sent: Tuesday, December 14, 2004 12:04 PM
To: Jeffrey M.Miller CISSP
Cc: pen-test () securityfocus com
Subject: Re: Password Audit tools

If you are looking for OpenSource alternatives you should check:

Cain & Abel could be useful for your needs,  (http://www.oxid.it/) , it 
has a complete suite of cracking tools.
Lepton's Crack  (http://www.nestonline.com/lcrack/) it's very good, and 
it support regular expressions.
John The Ripper (http://www.openwall.com/john)

And for remote password cracking you could use:
Hydra    http://www.thc.org/thc-hydra/

Hope it helps

Laramies


Jeffrey M.Miller CISSP wrote:

> I've used Internet Security Scanner from ISS and really like it's 
> ability to pull users from NT domains and test common passwords, such 
> as username=password, password=password, etc.
>
> I've considered purchasing the consultant version of l0phtcrack LC5.
>
> Has anyone used LC5 and can anyone compare it to ISS?  Also are there 
> any OpenSource tools that can do these sorts of checks?
>
> Thanks
>
> J_