Finding the weak passwords - auditing

As part of audting purposes, I need to runa test for weak passwords on my AD DCs. I have Domain Admin rights to run the tools. I was looking at cain and Abel but it's too intrusive.

Anyone has any suggestions? How do we audit our environment for week passwords.
We don't yet want to sent domain level policies for 'complex passwords'.

Pls advise!!
Who is Participating?
TekServerConnect With a Mentor Commented:
Hmm ... apparently I forgot to click the autopost check box on EE-Stuff.

Here's that link to XScan:

There is a program designed to find weak passwords called "ipcscan" (GUI version is "ipcscan_gui.exe").  Unfortunately, this program has been used so extensively by various trojans and viruses that it is generally considered malware itself (which is criminal, in my opinion; it's just a tool that's been misused).

If you can find it, it will probably work well for what you want, but it may prove difficult (if not impossible) to find.

I'm going to try something ... nope, EE won't let me upload the file, even zipped.

I'm going to try through another avenue ...
A file has been uploaded to

Uploaded by : TekServer
Filename : IpcScan-gui.renamed-from-exe-for-your-safety
Size : 143,360 bytes
Comment : As previously mentioned in my post to the question, this is a TOOL to detect weak passwords in a NT/AD network.  It is NOT malware in and of itself, though it is often used by malware programs.

NOTE : This file has been identified as an executable and has been renamed. You must save this file with the proper extension of '.exe' if you want to run this file.

You can download this file from

If other files are available for this question, then they can be accessed from
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

There you go.  You can log in to with the same username/password that you use on Experts Exchange.  Remember to rename the file after you download it, as it says above.

Hope this helps!
fahimAuthor Commented:
Thanks Tek. I was able to download this.

Also, I have found that some people are talking by using a combination of ipcscan and xscan to keep away with false positives.
would be really obliged if you can upload that file too, as it's been blocked for download for me.

In summary, can you please let me know the usage of ipcscan ? Where would I run iot from and under what credentials? Do I need to install it on my DC or can I run it remotely from my workstation? A lot of people have mentioned that anti virus cathes this as a do I need to disable on access scanner first?
fahimAuthor Commented:
Tek, I realised that ipcscan reads a list of usernames and checks for weak passwords assigned to them. The list of usernames goes by the means of a text file provided to it by the commandline: administrator
hacker etc.

My aim to read all the 1500 users of my AD and check their passwords for weakness, how do I accomplish that? Pls advise!!
I've heard of xscan, but I've never used it, so I can't really advise on how to use that one.  (I'm working on an upload, which should auto-post here when it finishes.)

For IPC scan, it's pretty easy to use.  You can use it from any computer on the network, it doesn't require installation, and I don't think it matters what user account you run it from (though admin access might be advisable).

It will be detected (usually as "hacktool") by most Antivirus vendors as a threat.  (Xscan is similarly detected, I just found.)  In order to download and run it unhindered, you'll need to either turn off the on-access scanning, or designate an excluded folder where you can park the tool and run it from.

(The upload just finished, so it will probably post before this one.)

To use IPC Scan (GUI), run the executable, put in the starting and ending IP addresses to define the IP range of your LAN, pick your thread count (the default of 100 is probably fine; you can try to speed up the scan with more threads if you want, but don't overload your processor), and click "Scan".  (It's possible it will auto-detect the IP range; I don't remember for sure, since my copy here was already configured for my LAN's IP range.)  It will normally take several minutes to run.

You might also want to have a look at Cain & Abel.  It's a somewhat more advanced "Penetration Testing Tool" that may prove useful.


Glad I could help.


Now you use those tools responsibly, hear?  ;)
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.