I want to crack users passwords off our windows 2003 domain controller to show weaknesses that exist. I thought that if i used pwdump or Winternals ERD Commander along with LC5 i might be able to accomplish this. At least it sounds good. Does anyone have any suggestions or comments that I might be on the right track or not. I dont want to purchase any software but i'm open to cheap ($) suggestions. I allready own LC5 and am willing to purchase anything from them or winternals.