Indeed, that is why some folks referred to lophtcrack as password auditing software vs a password cracking mechanism....it's somehow more palatable...lol.
At the end of the day, the lowest common denominator is that you are cracking them. Other reasons are to see if default passwords are being used across multiple accounts/environments or someone is using the same password multiple places etc etc etc. Security teams can find lots of reasons to justify it :-] We ran lophtcrack against an NT SAM with ~25K user accounts back in the day and the results were indeed illuminating. /apologies to ASB for the 2 "indeeds" :-) -----Original Message----- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, July 21, 2010 10:23 AM To: NT System Admin Issues Subject: RE: Password Access Windows 2003 and Above Servers Actually another good reason to try and crack the password is to test the strength of the passwords your are setting on the systems. I did this with my passwords and OPHCRACK and rainbow tables and it took a good bit of time before the passwords chosen, where cracked... Just make sure you have written approval before you start cracking passwords on systems you don’t know... Could be stepping into very hot water, especially if they come after you with violations of the computer abuse and fraud act. Z Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505 -----Original Message----- From: Free, Bob [mailto:r...@pge.com] Sent: Wednesday, July 21, 2010 11:29 AM To: NT System Admin Issues Subject: RE: Password Access Windows 2003 and Above Servers Sometimes people have a need to know because it's hardcoded in programs, services run with it across platforms etc. Terrible practice but I have seen lots of cases over the years where folks wanted to crack vs reset for that reason. Also comes up in the case of disgruntled sysadmins, M&A activity etc. Back in the day it was lophtcrack to the rescue, now there are many alternatives as you have seen this morning. -----Original Message----- From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Wednesday, July 21, 2010 8:16 AM To: NT System Admin Issues Subject: RE: Password Access Windows 2003 and Above Servers No prob. I, personally, am not aware of anything that can *crack* a password. Apparently there are some tools to do that, but why bother when you can just *reset* the password? :-) -----Original Message----- From: Free, Bob [mailto:r...@pge.com] Sent: Wednesday, July 21, 2010 11:02 AM To: NT System Admin Issues Subject: RE: Password Access Windows 2003 and Above Servers No doubt it works. I first used it years ago on NT when it was really the only game in town, I wasn't refuting the veracity of the tool, just the applicability WRT OP's query :-] -----Original Message----- From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Wednesday, July 21, 2010 7:43 AM To: NT System Admin Issues Subject: RE: Password Access Windows 2003 and Above Servers Nope. You're correct. It's not the same. However, Pete Nordahl's disk really *does* reset the password. It will NOT let you crack the password. I don't know of anything that'll let you "crack" the password. -----Original Message----- From: Free, Bob [mailto:r...@pge.com] Sent: Wednesday, July 21, 2010 10:17 AM To: NT System Admin Issues Subject: RE: Password Access Windows 2003 and Above Servers Crack !=reset -----Original Message----- From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Wednesday, July 21, 2010 7:10 AM To: NT System Admin Issues Subject: RE: Password Access Windows 2003 and Above Servers Well, you could try Pete Nordahl's NT Password Reset Disk. That can be found here: http://pogostick.net/~pnh/ntpasswd/ -----Original Message----- From: David Elebute [mailto:deleb...@traveltechnologyservices.net] Sent: Wednesday, July 21, 2010 9:57 AM To: NT System Admin Issues Subject: Password Access Windows 2003 and Above Servers I know this is an old topic, so i apologize for being redundant. But we just got asked to crack the administrator password of a network or three servers that the old IT company is refusing to give access to due to a dispute between outgoing and incoming ownership teams. Any tools (hopefully free) that can do this for us? i remember using a PX something program a while back, but canoot find the procedure for running it. Please any and all help is greatly appreciated. D.Elebute ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
