Are there any free tools that can test domain passwords as part of a security audit. I know you can use tools to dump hashes, but I was after something more "live" to conduct with the administrator. I.e. if you know for a specific server,
that the local admin group has 3 domain groups as membership and 3 domain accounts, to run a small dictionary list of 5 possible passwords against each account and return the results. Our domain policy has complexity and minimum length parameters enforced
however often we still find weak passwords such as username=password, username=a corporate default, username=Password01 etc.
↧