Need to "hack" my own Active Directory

We are in the process of attempting to enforce "complex passwords" on our domain.
It's a long history as to why we don't already - suffice to say high management see them as a "pain" rather than a level of security we should embrace.

I want to "hack" our own AD and attempt to get a list of our users' passwords - to show management just how easy some of these passwords would be to brute force or guess.

Back in the day you could extract the SAM and run a free brute force program on it.
What would the process be these days - what tools are there out there?
This is now a Server 2008 R2 domain and I want to achieve the same result - a list of my users' passwords.

I know this could be seen as a "dodgy" request.
All I can say is this is for our own internal information - there is nothing "dodgy" going on here at all.
 
Are they stored using reversible encryption?

As Burnsy said, it's all about the AD setup. It's still quite easy to crack a local SAM on a computer, get the local administrator password, but even with low AD security setup it can be hard...

Stelly
 
We wanted to do this at work.

We got the work experience kid to go through all the profiles with 3 obvious passwords - it was worrying how many were just 'password' :p
 
Just ask your users for their password. This will highlight two things:

1: How simple the passwords are
2: How willing users are to give out their password!

:p
 
We got the work experience kid to go through all the profiles with 3 obvious passwords - it was worrying how many were just 'password' :p

Poor guy.

If you can't get complexity passed, try upping the minimum password length to 10+ and teach people how to use phrases instead. This combined with account lockout will make brute force attacks useless.

Have you tried explaining to management why good passwords are important? Do you have any externally facing services that require AD auth?
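
A read-only check of the domain password policy against the settings raised in this thread (minimum length of 10, account lockout, complexity, reversible encryption), as an added example that is not part of any original post. The function name, the threshold parameter and the sample policy object are assumptions made for illustration.

```powershell
# Added example: evaluates a password policy object against the settings
# discussed in the thread. The thresholds come from the posts (length 10+,
# lockout enabled) and are assumptions, not an official baseline.
function Test-DomainPasswordPolicy {
    param(
        [Parameter(Mandatory = $true)] $Policy,
        [int] $RequiredMinLength = 10   # hypothetical parameter name
    )

    $findings = @()

    if ($Policy.MinPasswordLength -lt $RequiredMinLength) {
        $findings += "MinPasswordLength is $($Policy.MinPasswordLength); expected $RequiredMinLength or more"
    }
    if (-not $Policy.ComplexityEnabled) {
        $findings += "ComplexityEnabled is off"
    }
    # A LockoutThreshold of 0 means accounts are never locked out,
    # so repeated guessing against a logon is not slowed down at all.
    if ($Policy.LockoutThreshold -eq 0) {
        $findings += "LockoutThreshold is 0 (account lockout disabled)"
    }
    if ($Policy.ReversibleEncryptionEnabled) {
        $findings += "ReversibleEncryptionEnabled is on"
    }

    $findings
}

# Constructed sample policy so the function can be tried offline.
# New-Object is used instead of [PSCustomObject] to stay compatible
# with the PowerShell 2.0 that ships with Server 2008 R2.
$sample = New-Object PSObject -Property @{
    MinPasswordLength           = 7
    ComplexityEnabled           = $false
    LockoutThreshold            = 0
    ReversibleEncryptionEnabled = $false
}
Test-DomainPasswordPolicy -Policy $sample

# Against the real domain (requires the ActiveDirectory module):
#   Import-Module ActiveDirectory
#   Test-DomainPasswordPolicy -Policy (Get-ADDefaultDomainPasswordPolicy)
```

The default domain policy is not the whole picture on a 2008-level domain: fine-grained password policies can override it for specific users or groups, and `Get-ADFineGrainedPasswordPolicy -Filter *` lists them.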
 
I was doing this the other week in the testing lab at work. Still very easy to do on simple passwords.

I can't believe any managers would be opposed to implementing password complexity. It is the job as the IT manager or CIRO/CISO or whoever to highlight the potential damage and the relative ease of breaking passwords!

I just find it crazy that any company big enough to justify having an AD domain doesn't have this enforced!
 
The purpose of complex passwords is not strictly to prevent a brute force crack. As has been said, even in a low security set up this can be difficult. It is more to stop password guessing exercises.

Do you have shared computing resources? If everyone has their own office, it's difficult to 'snoop'. If you have shared areas however.... this can be a good reason to enforce.

Do you have inactivity timeouts? Always good to lock the screen after 'x' period of time. Downside - shared computer areas - the machine is locked. Unless your OS allows it (W7 does), you can't log in to the machine.

What industry are you in? Is the data very sensitive? Again, a good reason to enable.

I'm not sure a brute force hack is worthwhile..... it would be impressive to show management this, but if it was that easy, you could Google it and find an answer.

My gut feeling tho - Let's face it - if your company valued its security that highly, they would already have sorted this problem and you certainly wouldn't be trying to put a case together for enabling this functionality. If your users valued their security that highly, they would already have a good, solid password.
 