Swift

Finding the weak passwords - auditing

As part of auditing purposes, I need to run a test for weak passwords on my AD DCs. I have Domain Admin rights to run the tools. I was looking at Cain and Abel but it's too intrusive.

Does anyone have any suggestions? How do we audit our environment for weak passwords?
We don't yet want to set domain level policies for 'complex passwords'.

Please advise!!
TekServer

There is a program designed to find weak passwords called "ipcscan" (GUI version is "ipcscan_gui.exe").  Unfortunately, this program has been used so extensively by various trojans and viruses that it is generally considered malware itself (which is criminal, in my opinion; it's just a tool that's been misused).

If you can find it, it will probably work well for what you want, but it may prove difficult (if not impossible) to find.

I'm going to try something ... nope, EE won't let me upload the file, even zipped.

I'm going to try through another avenue ...
:)
A file has been uploaded to EE-Stuff.com

Uploaded by : TekServer
Filename : IpcScan-gui.renamed-from-exe-for-your-safety
Size : 143,360 bytes
Comment : As previously mentioned in my post to the question, this is a TOOL to detect weak passwords in a NT/AD network.  It is NOT malware in and of itself, though it is often used by malware programs.


NOTE : This file has been identified as an executable and has been renamed. You must save this file with the proper extension of '.exe' if you want to run this file.


You can download this file from http://www.storageserver.co.uk/files/19835/X-Scan-v3.3-en.rar.html

If other files are available for this question, then they can be accessed from http://www.storageserver.co.uk/files/18869/IpcScan-gui.exe.html
There you go.  You can log in to ee-stuff.com with the same username/password that you use on Experts Exchange.  Remember to rename the file after you download it, as it says above.

Hope this helps!
:)
Swift

ASKER

Thanks Tek. I was able to download this.

Also, I have found that some people are talking about using a combination of ipcscan and xscan to keep away false positives.
http://www.vulnerabilityassessment.co.uk/xscan.htm
I would be really obliged if you can upload that file too, as it's been blocked for download for me.

In summary, can you please let me know the usage of ipcscan? Where would I run it from and under what credentials? Do I need to install it on my DC or can I run it remotely from my workstation? A lot of people have mentioned that antivirus catches this as malware, so do I need to disable the on-access scanner first?

ASKER

Tek, I realised that ipcscan reads a list of usernames and checks for weak passwords assigned to them. The list of usernames is provided to it by means of a text file on the command line:

administrator
administrateur
admin
guest
user
webmaster
TsInternetUser
master
hacker etc.

My aim is to read all the 1500 users of my AD and check their passwords for weakness; how do I accomplish that? Please advise!!

I've heard of xscan, but I've never used it, so I can't really advise on how to use that one.  (I'm working on an upload, which should auto-post here when it finishes.)

For IPC scan, it's pretty easy to use.  You can use it from any computer on the network, it doesn't require installation, and I don't think it matters what user account you run it from (though admin access might be advisable).

It will be detected (usually as "hacktool") by most Antivirus vendors as a threat.  (Xscan is similarly detected, I just found.)  In order to download and run it unhindered, you'll need to either turn off the on-access scanning, or designate an excluded folder where you can park the tool and run it from.

(The upload just finished, so it will probably post before this one.)

To use IPC Scan (GUI), run the executable, put in the starting and ending IP addresses to define the IP range of your LAN, pick your thread count (the default of 100 is probably fine; you can try to speed up the scan with more threads if you want, but don't overload your processor), and click "Scan".  (It's possible it will auto-detect the IP range; I don't remember for sure, since my copy here was already configured for my LAN's IP range.)  It will normally take several minutes to run.

You might also want to have a look at Cain & Abel.  It's a somewhat more advanced "Penetration Testing Tool" that may prove useful.

:)
ASKER CERTIFIED SOLUTION
TekServer

Thanks!

Glad I could help.

:)

Now you use those tools responsibly, hear?  ;)