Security Basics mailing list archives
Re: user default password checking tool
From: Daniel DeLeo <danielsdeleo () comcast net>
Date: Fri, 15 Sep 2006 13:54:49 -0600
I hope that you changed the details of your real procedure for the post, i.e., that you don't exactly use default passwords of vs123. It's not safe to post details of your default password policy in a public forum. If your post details the exact way that default passwords are generated, I would suggest you change your policy. You don't want to give an attacker a head start!
My skills are for *NIX systems, so I'll let other people on the list respond with tools to solve your problem, though if you have skills with Perl, Ruby, Python, or whatever, it shouldn't be difficult to write a script that takes the user's name from a list, grabs the first letters, forces them to lowercase, appends '123' and does whatever hashing/encrypting Windows does to passwords, and finally looks for that entry in the password file/database/whatever. Depending on how paranoid you are, you might want to look into using John the Ripper or other password cracking tools (look in the archives of this list, or Google for them) to make sure your users use reasonably strong passwords.
Daniel DeLeo

On Sep 14, 2006, at 7:41 PM, vijay shetti wrote:
hello all!! In my company when we create a new user he is given an initial password. But then he is told to change the password. The password is initial of the employee name followed by 123.. for vijay shetti it will be vs123... We have a domain based environment. I want to check now how many users have not changed their initial password using some tool that gives me list of usernames whose password has 123 in the end. We follow the same procedure for creating Outlook mail password. If there is any tool/script that also helps me find out this then it will greatly help me.

Waiting for your reply,
Pavan.

---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
