Turn on password length of 6 and see who complains :P, that is if there
is some ethical problem with cracking the sam file, but I do have to
question why its not set to begin with.
Kunz, Jeffrey T. wrote:
> Dump the sam file (use pwdump) and run a cracker. The most simplistic
> settings on any cracker will show the blank passwords immediately.
>
> Regards,
>
> Jeff
>
> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
> On Behalf Of igor.mamuzic (at) koncar-inem (dot) hr [email concealed]
> Sent: Monday, April 02, 2007 11:43 AM
> To: focus-ms (at) securityfocus (dot) com [email concealed]
> Subject: Discovering Active Direcory users with blank passwords
>
> Is there a way to discover Active Directory users with blank passwords
> if I have domain admin privileges and local access to my domain
> controllers?
>
> Best Regards,
> Igor
>
>
> The preceding email message may be confidential or protected by the attorney-client privilege. It is not intended for transmission to, or receipt by, any unauthorized persons. If you have received this message in error, please (i) do not read it, (ii) reply to the sender that you received the message in error, and (iii) erase or destroy the message. Legal advice contained in the preceding message is solely for the benefit of the Foley & Lardner LLP client(s) represented by the Firm in the particular matter that is the subject of this message, and may not be relied upon by any other party.
>
>
> Internal Revenue Service regulations require that certain types of written advice include a disclaimer. To the extent the preceding message contains advice relating to a Federal tax issue, unless expressly stated otherwise the advice is not intended or written to be used, and it cannot be used by the recipient or any other taxpayer, for the purpose of avoiding Federal tax penalties, and was not written to support the promotion or marketing of any transaction or matter discussed herein.
>
>
>
is some ethical problem with cracking the sam file, but I do have to
question why its not set to begin with.
Kunz, Jeffrey T. wrote:
> Dump the sam file (use pwdump) and run a cracker. The most simplistic
> settings on any cracker will show the blank passwords immediately.
>
> Regards,
>
> Jeff
>
> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
> On Behalf Of igor.mamuzic (at) koncar-inem (dot) hr [email concealed]
> Sent: Monday, April 02, 2007 11:43 AM
> To: focus-ms (at) securityfocus (dot) com [email concealed]
> Subject: Discovering Active Direcory users with blank passwords
>
> Is there a way to discover Active Directory users with blank passwords
> if I have domain admin privileges and local access to my domain
> controllers?
>
> Best Regards,
> Igor
>
>
> The preceding email message may be confidential or protected by the attorney-client privilege. It is not intended for transmission to, or receipt by, any unauthorized persons. If you have received this message in error, please (i) do not read it, (ii) reply to the sender that you received the message in error, and (iii) erase or destroy the message. Legal advice contained in the preceding message is solely for the benefit of the Foley & Lardner LLP client(s) represented by the Firm in the particular matter that is the subject of this message, and may not be relied upon by any other party.
>
>
> Internal Revenue Service regulations require that certain types of written advice include a disclaimer. To the extent the preceding message contains advice relating to a Federal tax issue, unless expressly stated otherwise the advice is not intended or written to be used, and it cannot be used by the recipient or any other taxpayer, for the purpose of avoiding Federal tax penalties, and was not written to support the promotion or marketing of any transaction or matter discussed herein.
>
>
>
[ reply ]