Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Password Auditing
From: Nico Golde <fd () ngolde de>
Date: Sat, 5 May 2007 01:26:25 +0200

Hi,
* Mike Gibson <micheal.gibson () gmail com> [2007-05-04 21:07]:
Can anyone recommend a good password auditing tool. Basically I 
want to identify weak passwords on my servers (Windows, Linux, Unix).
Ideally this would be done by a tool that could remotely fetch 
the local password database and then attempt to brute force the 
passwords and prepare a report in a central location.

Any suggestions?

#include <unistd.h>
#include <stdio.h>

int main (int argc, char **argv){
    if(argc != 3)
        return -1;

    printf("%s:%s:2305:0:99999:7:::\n", user, crypt(argv[1],argv[2]));
    return 0;
}

gcc -lcrypt file.c -o foo
./foo <user> <pass> > shadow
Use john to crack shadow and look how long it takes ;-P
Kind regards
Nico
-- 
Nico Golde - JAB: nion () jabber ccc de | GPG: 0x73647CFF
Forget about that mouse with 3/4/5 buttons -
gimme a keyboard with 103/104/105 keys!

Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]