Network Security: Detailed info on Re: Highlighting weak password dangers

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Security-Basics

[Top] [All Lists]

Re: Highlighting weak password dangers

from [Manuel Arostegui Ramirez] Network Security

[Permanent Link]

Subject:	Re: Highlighting weak password dangers
Date:	Thu, 25 Jan 2007 22:37:06 +0100

El Miércoles, 24 de Enero de 2007 18:15, WALI escribió:

I want to highlight the danger of using weak passwords on servers and users
admin desktops. I have tested TSgrinder with a basic dictionary Brute Force
to access Remote Desktop exploit on both servers and desktops. The problem
here is that when connected to domain, the Account Lockout feature disables
the account quite soon. I can only show the exploit on machines not
connected to the domain where Domain Security policy doesn't flow down.

What are other interesting and intriguing ways to present this problem? I
also need a system to do Passwords Audit on my domain and make then 'secure
password' policy compliance.


Try Babel Enterprise, it runs on Linux, Windows (XP, 2003 Server, 2000) and 
most Unix (HP-UX, AIX...)

http://babel.sourceforge.net/en/index.php

Hope this helps.
-- 
Manuel Arostegui Ramirez.

Electronic Mail is not secure, may not be read every day, and should not
be used for urgent or sensitive issues.

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
ENC: Password Pride - A Humorous Vulnerability, Marcus Valsecchi RE: Password Pride - A Humorous Vulnerability, Dixon, Wayne Re: Password Pride - A Humorous Vulnerability, Melissa RE: Password Pride - A Humorous Vulnerability, David Gillett Re: Password Pride - A Humorous Vulnerability, RS RE: Password Pride - A Humorous Vulnerability, Murda Mcloud Message not available Highlighting weak password dangers, WALI RE: Highlighting weak password dangers, Simon W. Hall RE: Highlighting weak password dangers, Scott Ramsdell Re: Highlighting weak password dangers, Manuel Arostegui Ramirez <= Re: Highlighting weak password dangers, Alexander Bolante Re: Highlighting weak password dangers, anesde Message not available Re: Port 8081 mystery, WALI Message not available Port 8081 mystery, WALI RE: Port 8081 mystery, Gressick, Michael Re: Port 8081 mystery, Brian . D . Turk RE: Port 8081 mystery, Remad Re: Port 8081 mystery, George A. Theall Re: Port 8081 mystery, Johnny Wong RE: Port 8081 mystery, Sandro, Herpich

Previous by Date:	RE: Notebook policy (need advice), Eric Furman
Next by Date:	RE: Highlighting weak password dangers, Scott Ramsdell
Previous by Thread:	RE: Highlighting weak password dangers, Scott Ramsdell
Next by Thread:	Re: Highlighting weak password dangers, Alexander Bolante
Indexes:	[Date] [Thread] [Top] [All Lists]