Solved

Finding the weak passwords - auditing

Posted on 2009-04-14
8
2,530 Views
Last Modified: 2016-08-29
As part of audting purposes, I need to runa test for weak passwords on my AD DCs. I have Domain Admin rights to run the tools. I was looking at cain and Abel but it's too intrusive.

Anyone has any suggestions? How do we audit our environment for week passwords.
We don't yet want to sent domain level policies for 'complex passwords'.

Pls advise!!
0
Comment
Question by:fahim
  • 6
  • 2
8 Comments
 
LVL 10

Expert Comment

by:TekServer
ID: 24139253
There is a program designed to find weak passwords called "ipcscan" (GUI version is "ipcscan_gui.exe").  Unfortunately, this program has been used so extensively by various trojans and viruses that it is generally considered malware itself (which is criminal, in my opinion; it's just a tool that's been misused).

If you can find it, it will probably work well for what you want, but it may prove difficult (if not impossible) to find.

I'm going to try something ... nope, EE won't let me upload the file, even zipped.

I'm going to try through another avenue ...
:)
0
 
LVL 10

Expert Comment

by:TekServer
ID: 24139297
A file has been uploaded to EE-Stuff.com

Uploaded by : TekServer
Filename : IpcScan-gui.renamed-from-exe-for-your-safety
Size : 143,360 bytes
Comment : As previously mentioned in my post to the question, this is a TOOL to detect weak passwords in a NT/AD network.  It is NOT malware in and of itself, though it is often used by malware programs.


NOTE : This file has been identified as an executable and has been renamed. You must save this file with the proper extension of '.exe' if you want to run this file.


You can download this file from https://filedb.experts-exchange.com/incoming/ee-stuff/7599-Ip.renamed-from-exe-for-your-safety

If other files are available for this question, then they can be accessed from https://filedb.experts-exchange.com/incoming/ee-stuff/7609-X-Scan-v3.3-en.rarhttps://filedb.experts-exchange.com/incoming/ee-stuff/7599-Ip.renamed-from-exe-for-your-safety
0
 
LVL 10

Expert Comment

by:TekServer
ID: 24139330
There you go.  You can log in to ee-stuff.com with the same username/password that you use on Experts Exchange.  Remember to rename the file after you download it, as it says above.

Hope this helps!
:)
0
 

Author Comment

by:fahim
ID: 24173867
Thanks Tek. I was able to download this.

Also, I have found that some people are talking by using a combination of ipcscan and xscan to keep away with false positives.
http://www.vulnerabilityassessment.co.uk/xscan.htm
would be really obliged if you can upload that file too, as it's been blocked for download for me.

In summary, can you please let me know the usage of ipcscan ? Where would I run iot from and under what credentials? Do I need to install it on my DC or can I run it remotely from my workstation? A lot of people have mentioned that anti virus cathes this as a malware..so do I need to disable on access scanner first?
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:fahim
ID: 24173989
Tek, I realised that ipcscan reads a list of usernames and checks for weak passwords assigned to them. The list of usernames goes by the means of a text file provided to it by the commandline: administrator
administrateur
admin
guest
user
webmaster
TsInternetUser
master
hacker etc.

My aim to read all the 1500 users of my AD and check their passwords for weakness, how do I accomplish that? Pls advise!!
0
 
LVL 10

Expert Comment

by:TekServer
ID: 24174078
I've heard of xscan, but I've never used it, so I can't really advise on how to use that one.  (I'm working on an upload, which should auto-post here when it finishes.)

For IPC scan, it's pretty easy to use.  You can use it from any computer on the network, it doesn't require installation, and I don't think it matters what user account you run it from (though admin access might be advisable).

It will be detected (usually as "hacktool") by most Antivirus vendors as a threat.  (Xscan is similarly detected, I just found.)  In order to download and run it unhindered, you'll need to either turn off the on-access scanning, or designate an excluded folder where you can park the tool and run it from.

(The upload just finished, so it will probably post before this one.)

To use IPC Scan (GUI), run the executable, put in the starting and ending IP addresses to define the IP range of your LAN, pick your thread count (the default of 100 is probably fine; you can try to speed up the scan with more threads if you want, but don't overload your processor), and click "Scan".  (It's possible it will auto-detect the IP range; I don't remember for sure, since my copy here was already configured for my LAN's IP range.)  It will normally take several minutes to run.

You might also want to have a look at Cain & Abel.  It's a somewhat more advanced "Penetration Testing Tool" that may prove useful.

:)
0
 
LVL 10

Accepted Solution

by:
TekServer earned 500 total points
ID: 24174083
Hmm ... apparently I forgot to click the autopost check box on EE-Stuff.

Here's that link to XScan:  https://filedb.experts-exchange.com/incoming/ee-stuff/7609-X-Scan-v3.3-en.rar

:\
0
 
LVL 10

Expert Comment

by:TekServer
ID: 24244302
Thanks!

Glad I could help.

:)

Now you use those tools responsibly, hear?  ;)
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now