A Simple Way To Crack Passwords Across Your Domain for Compliance

Every quarter or more, you may have to figure out if everyone in your enterprise is being compliant with passwords. Sometimes Active Directory's password policy doesn't take into account some things you feel are more secure, such as not being able to use any words from the dictionary in your password.

So here is a simple guide to cracking passwords across the domain with pwdump3 and ophcrack.

In my example I am using a virtual WinXP machine with no anti-virus installed and running the dumps against the Active Directory server

Attachments:

pwdump3v2.zip

[used to grab PW hashes. remember to download on a machine w/ no AV]

87 Kb