Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Finding the weak passwords - auditing

Posted on 2009-04-14
8
Medium Priority
?
2,762 Views
Last Modified: 2017-03-21
As part of audting purposes, I need to runa test for weak passwords on my AD DCs. I have Domain Admin rights to run the tools. I was looking at cain and Abel but it's too intrusive.

Anyone has any suggestions? How do we audit our environment for week passwords.
We don't yet want to sent domain level policies for 'complex passwords'.

Pls advise!!
0
Comment
Question by:fahim
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 2
8 Comments
 
LVL 10

Expert Comment

by:TekServer
ID: 24139253
There is a program designed to find weak passwords called "ipcscan" (GUI version is "ipcscan_gui.exe").  Unfortunately, this program has been used so extensively by various trojans and viruses that it is generally considered malware itself (which is criminal, in my opinion; it's just a tool that's been misused).

If you can find it, it will probably work well for what you want, but it may prove difficult (if not impossible) to find.

I'm going to try something ... nope, EE won't let me upload the file, even zipped.

I'm going to try through another avenue ...
:)
0
 
LVL 10

Expert Comment

by:TekServer
ID: 24139297
A file has been uploaded to EE-Stuff.com

Uploaded by : TekServer
Filename : IpcScan-gui.renamed-from-exe-for-your-safety
Size : 143,360 bytes
Comment : As previously mentioned in my post to the question, this is a TOOL to detect weak passwords in a NT/AD network.  It is NOT malware in and of itself, though it is often used by malware programs.


NOTE : This file has been identified as an executable and has been renamed. You must save this file with the proper extension of '.exe' if you want to run this file.


You can download this file from http://www.storageserver.co.uk/files/19835/X-Scan-v3.3-en.rar.html

If other files are available for this question, then they can be accessed from http://www.storageserver.co.uk/files/18869/IpcScan-gui.exe.html
0
 
LVL 10

Expert Comment

by:TekServer
ID: 24139330
There you go.  You can log in to ee-stuff.com with the same username/password that you use on Experts Exchange.  Remember to rename the file after you download it, as it says above.

Hope this helps!
:)
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:fahim
ID: 24173867
Thanks Tek. I was able to download this.

Also, I have found that some people are talking by using a combination of ipcscan and xscan to keep away with false positives.
http://www.vulnerabilityassessment.co.uk/xscan.htm
would be really obliged if you can upload that file too, as it's been blocked for download for me.

In summary, can you please let me know the usage of ipcscan ? Where would I run iot from and under what credentials? Do I need to install it on my DC or can I run it remotely from my workstation? A lot of people have mentioned that anti virus cathes this as a malware..so do I need to disable on access scanner first?
0
 

Author Comment

by:fahim
ID: 24173989
Tek, I realised that ipcscan reads a list of usernames and checks for weak passwords assigned to them. The list of usernames goes by the means of a text file provided to it by the commandline: administrator
administrateur
admin
guest
user
webmaster
TsInternetUser
master
hacker etc.

My aim to read all the 1500 users of my AD and check their passwords for weakness, how do I accomplish that? Pls advise!!
0
 
LVL 10

Expert Comment

by:TekServer
ID: 24174078
I've heard of xscan, but I've never used it, so I can't really advise on how to use that one.  (I'm working on an upload, which should auto-post here when it finishes.)

For IPC scan, it's pretty easy to use.  You can use it from any computer on the network, it doesn't require installation, and I don't think it matters what user account you run it from (though admin access might be advisable).

It will be detected (usually as "hacktool") by most Antivirus vendors as a threat.  (Xscan is similarly detected, I just found.)  In order to download and run it unhindered, you'll need to either turn off the on-access scanning, or designate an excluded folder where you can park the tool and run it from.

(The upload just finished, so it will probably post before this one.)

To use IPC Scan (GUI), run the executable, put in the starting and ending IP addresses to define the IP range of your LAN, pick your thread count (the default of 100 is probably fine; you can try to speed up the scan with more threads if you want, but don't overload your processor), and click "Scan".  (It's possible it will auto-detect the IP range; I don't remember for sure, since my copy here was already configured for my LAN's IP range.)  It will normally take several minutes to run.

You might also want to have a look at Cain & Abel.  It's a somewhat more advanced "Penetration Testing Tool" that may prove useful.

:)
0
 
LVL 10

Accepted Solution

by:
TekServer earned 2000 total points
ID: 24174083
Hmm ... apparently I forgot to click the autopost check box on EE-Stuff.

Here's that link to XScan:  http://www.storageserver.co.uk/files/18869/IpcScan-gui.exe.html

:\
0
 
LVL 10

Expert Comment

by:TekServer
ID: 24244302
Thanks!

Glad I could help.

:)

Now you use those tools responsibly, hear?  ;)
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question