Focus on Microsoft
Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Re: Discovering Active Direcory users with blank passwords
Apr 17 2007 09:14AM
Nicolas RUFF (nicolas ruff gmail com)
> I've got them using pwddump, so thanks to all on good hints.
Just a quick note: you do not need to crack passwords after running PWDUMP.
Since LM and NTLM hashes are not salted, an empty password will always
have the same hash.
LM empty password = AAD3B435B51404EEAAD3B435B51404EE
NTLM empty p...
[ more ]
Copyright 2010, SecurityFocus