| Looking for a tool or utility to crack password? |
|
 |
Index ‹ Windows OS ‹ Security
|
- Previous
- 1
- 2
- Directory >> Remote Reboot Registry KeysI am looking for the Rebote Reboot Registry keys but am having no luck in
locating them. I need these because I have added Guest and Interactive to the
users list and need to copy this to all my other stations remotely. Any one
with a suggestion is greatly appreciated.
Thanks
James
- 3
- WindowsMe >> Windows Me Hangs on boot upPer the Dell support people, I was told I have the LovSan
virus, however, reading through this message board, I'm
seeing someone had the problem I'm having well before this
(posted 8/3 at 5:36 pm), but no one posted a solution.
Any thoughts? (Though I also installed a game a week
before it worked fine in the meantime.) Let me know if
any other info would be helpful. Thanks!!
DKP - text of previous post added:
My friend has Windows ME on his computer and recently he
installed a game program on it. After restarting the
computer it gets stuck on the screen which shows the
Windows ME logo. The light blue bar at the bottom of the
screen keeps scrolling to the right, so it seems the
computer is not hung. But it does not go on any further
and just stays on this screen forever.
Be booted off a floppy to a DOS prompt and
ran 'scandisk /all' and 'scanreg /restore', but it did
not help.
I've never seen this problem before and there is no error
message, so Im not sure what to do next. We are
considering reinstall the OS again, but would like to
avoid it if possible. Would appreciate it if you can
help. Thanks.
Omar
.
- 4
- WindowsServices >> Directing Users to pagesDoes anyone know how I can capture the username and password of the user
logging into the sharepoint site and then redirect them to particular pages
depending on the username, for example user abc logs in and I want them to be
directed to their own page that only they can see, if user def logs in then
they are directed to their page, User abc cannot get to user def's page. Any
help would be greatly appreciated.
- 5
- WindowsServices >> Activity RepoertIs there a way to produce an activity report fro specific pages to se who has
visited a page either by users or IP address? We seem to think we had this
ability on the old version of sharepoint.
- 6
- WindowsServices >> WSS Folder propertyhi,
Does anybody know how to assign property to folder in wss document library.
I know how to do it with files. But i searched on net and found no solution.
Neither has anyone mentioned that this not possible. Is it possible or not?
If so how?
Thanks in advance,
Abhilash
- 7
- 8
- WindowsMe >> Cannot Un-Check "Mute All" Checkbox in sound properties........I posted this earlier in this ng with no reply, I'm hoping someone can
help me out here. The original post was:
In the volume control dialog box(es) in Windows ME, I cannot un-check
the "Mute All" checkbox, the speaker icon in the taskbar is red-slashed
out, and there is no sound.
All appears okay in Task Mangler, yet there is no sound. This has
happened before, and I fixed it by running system restore, but I would
like to find out if there is a better, more specific fix I could try.
Any ideas, anyone? Any help would be appreciated.
Thanks, all...
Mark Mestman
Guitarmakerm...@yahoo
- 9
- Drivers >> Vista x64 Device Driver DTM Test IssueHello Everyone:
Because I don't find DTM newsgroup, I put the question here. Any comment
will be appreciated!
On Vista x64, driver MUST have Windows Signed before installing. Then how to
run WHQL submission test before driver getting Windows Signed for x64 Vista?
Best Regards
- 10
- WindowsServer >> spoolsv.exei want write one batch to restart daily the spoolsv.exe with "system" as
user. It's possible? How can i do it.
thanks
Kader
- 11
- active directory >> Slow loginsHello.
I'm running a small network (6 machines total, 2 laptops,
4 desktops). My PDC is server 2003 running AD. It's a P3
1GHz with 80GB total drive space and 320MB of RAM.
My workstations (the 2 laptops) are slow logging into the
network and applying the security settings. At first I
thought I was having issues with the Netgear router/wap
and wireless NICs. I connected one of the laptops
directly to the same 10/100 hub that the server is
attached to (an Intel 10/100 8 port hub) to test the
theory. The login still takes a long time to log in and
apply the settings. Everything else in AD is straight
defaults, I haven't started playing around with any
policies.
Any ideas?
Rob
- 12
- 13
- Security >> Remote Assistance SettingsWe just installed wireless on our laptop so it connects to our dekstop
modem/router.
We happened to be looking in System Properties on the laptop and noticed the
following in "Remote Assistance Settings"
"Allow this computer to be controlled remotely."
And "YES" is checked.
Is that OKAY? (Security Problem) Or should the "YES" be UN-checked?
- 14
- win2000 >> slow shutdown in Windows 2000I recently had Windows 2000 reinstalled on my computer and
now it shuts down very slow or not at all by itself and I
then have to turn it off by using the button. It usually
happens after I've just been in Outlook or on the
internet. But if it has been idle for some time then it
will shut down.
- 15
|
| Author |
Message |
Duck1
|
 Posted: Sat Oct 22 00:14:54 CDT 2005 |
Top |
Security >> Looking for a tool or utility to crack password?
We are trying to educate our users the importance of using complex password
and i am looking for a utility or any software available on the market to
demonstrate to them how easy to crack their password if using simple
password. They will just enter their password and it will show how fast it is
decoded. The utilty is not intented to run against the domain logon account.
They will just key in their password and the tool will either shows how
quick it is easily cracked because it is not complex.
Appreciate if you know the avaiability of such tool. Thks
Windows OS229
|
| |
|
| |
|
Roger
|
| Posted: Sat Oct 22 00:14:54 CDT 2005 |
Top |
Security >> Looking for a tool or utility to crack password?
Let me get this right, you will have your users go to some
tremendously well secured interface where they will be asked
to enter their password. You then want some tool that looks
at the password and says how hard it is to crack it?
Hmmmm. So we train the users to go and enter their password
on pages that do not look like system login pages. We have that
password travel to the server is a less well securied way than it
ever does when the OS remotely challenges for authentication.
And finally, we guess how difficult it would be to crack into that
password once it has been hashed. Is that about right ?
People usually just get one of the cracking tools, free or for low
cost, and then run that against the account store and then notify
the people of how long it took to find their password.
--
Roger Abell
Microsoft MVP (Windows Server : Security)
MCDBA, MCSE W2k3+W2k+Nt4
"Guy" <EMail@HideDomain.com> wrote in message
news:EMail@HideDomain.com...
> We are trying to educate our users the importance of using complex
> password
> and i am looking for a utility or any software available on the market to
> demonstrate to them how easy to crack their password if using simple
> password. They will just enter their password and it will show how fast it
> is
> decoded. The utilty is not intented to run against the domain logon
> account.
> They will just key in their password and the tool will either shows how
> quick it is easily cracked because it is not complex.
>
> Appreciate if you know the avaiability of such tool. Thks
>
|
| |
|
| |
|
Guy
|
| Posted: Sat Oct 22 10:06:02 CDT 2005 |
Top |
Security >> Looking for a tool or utility to crack password?
Hi Roger,
Thanks for the reply, May be i did not ask the question properly. It will be
just an interface on a laptop not connected to the network that the user will
key in the password where the tool will demostrate if the password has passed
complexity else it will show that it is cracked within a split of a second.
I do understand that we are using Kerberos protocol for password
authentication since we are all XP and 2003 but my main concern is that some
of our users will still not follow the rule of password complexity. Some of
them are still using names of their children with some numbers for domain
logon.
Thks,
Guy
"Roger Abell [MVP]" wrote:
> Let me get this right, you will have your users go to some
> tremendously well secured interface where they will be asked
> to enter their password. You then want some tool that looks
> at the password and says how hard it is to crack it?
>
> Hmmmm. So we train the users to go and enter their password
> on pages that do not look like system login pages. We have that
> password travel to the server is a less well securied way than it
> ever does when the OS remotely challenges for authentication.
> And finally, we guess how difficult it would be to crack into that
> password once it has been hashed. Is that about right ?
>
> People usually just get one of the cracking tools, free or for low
> cost, and then run that against the account store and then notify
> the people of how long it took to find their password.
>
> --
> Roger Abell
> Microsoft MVP (Windows Server : Security)
> MCDBA, MCSE W2k3+W2k+Nt4
> "Guy" <EMail@HideDomain.com> wrote in message
> news:EMail@HideDomain.com...
> > We are trying to educate our users the importance of using complex
> > password
> > and i am looking for a utility or any software available on the market to
> > demonstrate to them how easy to crack their password if using simple
> > password. They will just enter their password and it will show how fast it
> > is
> > decoded. The utilty is not intented to run against the domain logon
> > account.
> > They will just key in their password and the tool will either shows how
> > quick it is easily cracked because it is not complex.
> >
> > Appreciate if you know the avaiability of such tool. Thks
> >
>
>
>
|
| |
|
| |
|
Steven
|
| Posted: Sat Oct 22 12:44:17 CDT 2005 |
Top |
Security >> Looking for a tool or utility to crack password?
There is a free tool called Cain password cracker available at the link
below.
http://www.oxid.it/
You can not enter a password but you install it, logon as an administrator,
and dump the hashes from the SAM. Then you can select passwords to crack.
Note that by default lm hashes are stored which are easy to crack. Once you
disable storage of lm hashes and change your password it will be more
difficult. In addition to password complexity it is a great idea to have a
long minimum password length such as 15 characters and train users to think
pass phrases instead of passwords. The passphrase should include spaces
between words instead of all run together as in My dogs name is bud! . To
you and me it looks like a simple easy to remember password but try to crack
it. Another interesting thing you will find is how Cain can instantly
display protected storage password such as those used my your email account
for OE, etc which is why a user should NEVER user their logon password for
anything else as that is one of the first things an attacker will do is to
try and use passwords found in protected storage. --- Steve
"Guy" <EMail@HideDomain.com> wrote in message
news:EMail@HideDomain.com...
> We are trying to educate our users the importance of using complex
> password
> and i am looking for a utility or any software available on the market to
> demonstrate to them how easy to crack their password if using simple
> password. They will just enter their password and it will show how fast it
> is
> decoded. The utilty is not intented to run against the domain logon
> account.
> They will just key in their password and the tool will either shows how
> quick it is easily cracked because it is not complex.
>
> Appreciate if you know the avaiability of such tool. Thks
>
|
| |
|
| |
|
Roger
|
| Posted: Sat Oct 22 12:54:45 CDT 2005 |
Top |
Security >> Looking for a tool or utility to crack password?
It would be much more simple to just crack against the saved,
live passcode store and submit the cracked ones for action,
whether that is setting password age so next login change is
required, plus an email of corp policy and that is why they are
being required to change password, plus count of times they
have gone through the process.
In my experience, as Byron indicates also, requiring users to
do something aimed at getting them to do something else that
they are not doing is not really going to bear fruit.
"Guy" <EMail@HideDomain.com> wrote in message
news:EMail@HideDomain.com...
> Hi Roger,
>
> Thanks for the reply, May be i did not ask the question properly. It will
> be
> just an interface on a laptop not connected to the network that the user
> will
> key in the password where the tool will demostrate if the password has
> passed
> complexity else it will show that it is cracked within a split of a
> second.
>
> I do understand that we are using Kerberos protocol for password
> authentication since we are all XP and 2003 but my main concern is that
> some
> of our users will still not follow the rule of password complexity. Some
> of
> them are still using names of their children with some numbers for domain
> logon.
>
> Thks,
> Guy
>
> "Roger Abell [MVP]" wrote:
>
>> Let me get this right, you will have your users go to some
>> tremendously well secured interface where they will be asked
>> to enter their password. You then want some tool that looks
>> at the password and says how hard it is to crack it?
>>
>> Hmmmm. So we train the users to go and enter their password
>> on pages that do not look like system login pages. We have that
>> password travel to the server is a less well securied way than it
>> ever does when the OS remotely challenges for authentication.
>> And finally, we guess how difficult it would be to crack into that
>> password once it has been hashed. Is that about right ?
>>
>> People usually just get one of the cracking tools, free or for low
>> cost, and then run that against the account store and then notify
>> the people of how long it took to find their password.
>>
>> --
>> Roger Abell
>> Microsoft MVP (Windows Server : Security)
>> MCDBA, MCSE W2k3+W2k+Nt4
>> "Guy" <EMail@HideDomain.com> wrote in message
>> news:EMail@HideDomain.com...
>> > We are trying to educate our users the importance of using complex
>> > password
>> > and i am looking for a utility or any software available on the market
>> > to
>> > demonstrate to them how easy to crack their password if using simple
>> > password. They will just enter their password and it will show how fast
>> > it
>> > is
>> > decoded. The utilty is not intented to run against the domain logon
>> > account.
>> > They will just key in their password and the tool will either shows how
>> > quick it is easily cracked because it is not complex.
>> >
>> > Appreciate if you know the avaiability of such tool. Thks
>> >
>>
>>
>>
|
| |
|
| |
|
Guy
|
| Posted: Sat Oct 22 21:03:02 CDT 2005 |
Top |
Security >> Looking for a tool or utility to crack password?
Just want to thanks everybody for their suggestion. I totally agree that we
should keep on educating the end users on using strong password as part of
the company's policy.
May be my option for a tool might be irrelevant as an additional exercise.
I am not a security expert and is thankful to your suggestions.
"Steven L Umbach" wrote:
> There is a free tool called Cain password cracker available at the link
> below.
>
> http://www.oxid.it/
>
> You can not enter a password but you install it, logon as an administrator,
> and dump the hashes from the SAM. Then you can select passwords to crack.
> Note that by default lm hashes are stored which are easy to crack. Once you
> disable storage of lm hashes and change your password it will be more
> difficult. In addition to password complexity it is a great idea to have a
> long minimum password length such as 15 characters and train users to think
> pass phrases instead of passwords. The passphrase should include spaces
> between words instead of all run together as in My dogs name is bud! . To
> you and me it looks like a simple easy to remember password but try to crack
> it. Another interesting thing you will find is how Cain can instantly
> display protected storage password such as those used my your email account
> for OE, etc which is why a user should NEVER user their logon password for
> anything else as that is one of the first things an attacker will do is to
> try and use passwords found in protected storage. --- Steve
>
> "Guy" <EMail@HideDomain.com> wrote in message
> news:EMail@HideDomain.com...
> > We are trying to educate our users the importance of using complex
> > password
> > and i am looking for a utility or any software available on the market to
> > demonstrate to them how easy to crack their password if using simple
> > password. They will just enter their password and it will show how fast it
> > is
> > decoded. The utilty is not intented to run against the domain logon
> > account.
> > They will just key in their password and the tool will either shows how
> > quick it is easily cracked because it is not complex.
> >
> > Appreciate if you know the avaiability of such tool. Thks
> >
>
>
>
|
| |
|
| |
|
| |
|
Index ‹ Windows OS ‹ Security |
- Next
- 1
- Security >> "logon as a service" and "logon as a batch job"Gurus,
I understand, in highly secure environments, where you have to in certain
situations have to give certain accounts the "logon as a service" right.
But how does one know when to also give that account the "logon as a batch
job" right?
--
Spin
- 2
- active directory >> NT4 to 2003 Active DirectoryOne of the domains that I'm responsible for is still running NT4. Since I'm
unable to decommission it, I'd like to at least upgrade it to Server 2003
SP2 / Active Directory. I have a new PDC with a 7.8GB system partition that
is ready for the upgrade and a new box which will also only have 2003
installed and promoted after the upgrade. All remaining NT4 boxes will be
decommissioned following the upgrade.
DNS & WINS are ran on appliances, not on the domain controllers. Does
anything need done on the client side, since the boxes are joined to
'DOMAIN' vs. 'domain.com'? Or will WINS act as a crutch in this scenario?
Also, is this safe to perform during the day since the BDCs will be up and
authenticating users? I was thinking of leaving one BDC off during the
upgrade to provide a rollback plan, if necessary.
Any help is appreciated.
--
Tim
- 3
- Directory >> some machines can't login into domain - HELP!I came into work this morning to find that a whole lot of users are
unable to log into the domain. The machines are just hanging on the
'Applying Computer Settings'.
Its strange, because its Win2k Machines and XP machines that have
these symptoms.
When I unplug the network on the a machine that is having trouble
logging in, it boots up normally and logs in fine.
On one of my domain controllers I'm getting the following error:
Windows cannot access the registry information at
\\spud.com\sysvol\spud.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\registry.pol
with (53).
Any ideas?
Any help would be great.
- 4
- 5
- Security >> House Probes Threat Posed by SpywareApr 29, 7:50 PM (ET)
By MATTHEW DALY
WASHINGTON (AP) - It's the newest computer security
problem to attract the attention of Congress: spyware, or
software designed to collect computer users' personal data
without their knowledge.
Secretly piggybacking on downloaded Internet software,
spyware transmits information about computer usage and
generates pop-up advertisements and other annoyances. It
often is difficult to uninstall.
Little known a few years ago, spyware is now so common
that many consider it the biggest problem for Internet
users since spam.
Microsoft estimates spyware is responsible for half of all
PC crashes and warns that it has become a multimillion-
dollar support issue for computer makers, Internet service
providers and technicians.
In some cases, it makes a computer unusable.
A research lab in Washington state found one of its
computers "hijacked" by pop-up ads, to the point where "we
couldn't do anything," said Patrick Clapshaw, the lab's
director.
After a week of frustration and several visits by
technicians, the problem was eventually solved, but not
before causing at least $500 worth of lost data and
downtime.
Clapshaw, of Kirkland, Wash., calls spyware worse than
spam.
"To me, this is an aggressive computer takeover," he
said. "It's the difference between someone dropping fliers
on your front porch, or walking around your house
following you and annoying you."
Members of Congress are taking the threat seriously. At
least three bills have been introduced to address the
problem, with more likely to follow.
"There is no more pernicious, intrusive activity going on
in the Internet today" than spyware, said Rep. Joe Barton,
R-Texas, chairman of the House Energy and Commerce
Committee.
At a hearing Thursday before the panel's subcommittee on
commerce, trade and consumer protection, computer makers
and user groups urged Congress to address deceptive
behavior, rather than ban categories of software. Citing a
new Utah law, the groups said broad legislation could end
up prohibiting legitimate practices and stifle innovation.
Members of the Federal Trade Commission also urged caution
as officials learn more about the problem and the best way
to combat it.
"I do not believe legislation is the answer at this time,"
said commission member Mozelle Thompson. "Instead, we
should give industry the time to respond. Self-regulation
combined with enforcement of existing laws might be the
best way to go."
The go-slow approach infuriated Barton, who said he
intends to push a spyware bill through his committee - and
the full House - this year.
"You like this stuff? You're the only person in this
country that wants spyware on their computer," he told
Howard Beales, the FTC's consumer protection chief.
Barton urged FTC officials to work with the committee to
draft a new law "instead of trying to defend something
that's indefensible."
Beales said the FTC considers spyware a problem, but wants
to make sure that legislation targets deceptive behavior
while allowing legitimate uses. Some proposed solutions,
such as requiring permission every time a user downloads a
new program, "would make the process of installing new
software extremely tedious," Beales said.
Rep. Jay Inslee, D-Wash., whose district includes
Kirkland, called it "absolutely astounding" that the FTC
does not see a need for a new law "when we have hundreds
of thousands of violations every day." Inslee introduced a
bill Thursday that would outlaw spyware programs designed
to record Web browsing habits and collect personal data
without notice and consent of the user.
Rep. Mary Bono, R-Calif., has introduced a similar bill
requiring that consumers receive a clear and conspicuous
notice before downloading software. The bill would also
require that third parties disclose their identity to the
consumer, along with a valid e-mail address.
Sens. Conrad Burns, R-Mont., Ron Wyden, D-Ore., and
Barbara Boxer, D-Calif., have introduced a bill
prohibiting installation of software on someone else's
computer without notice and consent. The bill also would
require reasonable "uninstall" procedures for new software.
- 6
- win2000 >> DVD writerI just want to know whether Windows 2000 server support USB External DVD
Writer?
Thanks in advance
- 7
- Directory >> DCPromo over a VPN...Has anyone here managed to do a DCpromo over a VPN connection...we are
opening an office overseas and need to have a local DC out there yet
we need to have them in our Exchange system and be able to share
files...I was wondering if anyone out there has done a DCPromo over a
VPN connection (Hardware VPN, and figure T1 speeds)
Or is it more feasable to create a completely separate domain/forest
out there and just setup a trust? (Can I setup a trust for 2 domains
that are not in the same forest?,,,would Exchange be a problem between
the domains?)
Thanks!
<M>
- 8
- WindowsMe >> Cumulative Security Update for Internet Explorer 6 Service Pack 1 (KB905915)Microsoft released yesterday, 13 December (patch Tuesday), a Cumulative
Security Update for Internet Explorer 6 Service Pack 1 (KB905915). May I
urge al users of Win Me (or come to that any other MS operating system) to
update their system as a matter of urgency as this hotfix addresses a
number of vulnerabilities some of which are already being exploited.
For more details see KB905915 - "MS05-054: Cumulative security update for
Internet Explorer" (http://support.microsoft.com?kbid=905915) and also
Microsoft Security Bulletin MS05-054
(http://www.microsoft.com/technet/security/bulletin/MS05-054.mspx).
--
Mike Maltby
mike.maltby@gmail.com
- 9
- WindowsMe >> ME getting very slowI have noticed a considerable slowing down of almost all operations
during the past month or so. This is especially noticeable when surfing.
Pages open slowly and even after they open (and status bar says "done")
the cursor remains a thin line and I cannot scroll down. After several
seconds, the cursor pops back to its original arrow shape and I can
scroll. It is getting to be very unpleasant to surf.
I have trimmed my startup programs, run Adware, Spybot, Scandisk, Defrag.
My resources right now read 44%. I am running FireFox 5.1, McAffee,
ZoneAlarm, and SpyBlaster. I use a dialup connection (and there is no
parallel problem with my other computer, running the same programs on XP
Pro, with the same dialup connection).
I don't know if this is a resources problem or what? Not too much more I
can deselect from the startup.
Any ideas appreciated.
Richard, Moving through Molasses
- 10
- Security >> Getting certificate context propertiesHi all,
I am developing a small app in C++ and I need to list all the certificates
in the system store, in a List View, like the one displayed in the
CryptUIDlgSelectCertificateFromStore() dialog. I have successfully
enumerated all the certificates using CertEnumCertificatesInStore() but I
can't seem to extract all the bits of information from the certificate
context, i.e. Issued to, Issued by, Intended purposes, Friendly name,
Expiration date and Location. The only pieces of information I have been
able to get so far using CertGetCertificateContextProperty() and
CertGetNameString() is the Issued to, Issued by and Friendly name.
Can anyone tell me how to get the remaining properties?
Kind Regards,
Chris
- 11
- 12
- 13
- WindowsMe >> Spybot S & D Detections Update (2005-06-24)2005-06-24
Dialer
+ Tango ++ TIBS
Hijacker
++ MoneyGainer ++ xxsware Inc. + ISearchTech.PowerScan +
ISearchTech.SideFind (9)
Keylogger
++ Dumaru
Malware
++ Adware.ZioCom.B ++ kz515.com + AzeSearch + ISearchTech.ISTsvc (22) +
ClimaxBucks.InternetOptimizer
This is a detections update. It does not correct the immunization issue
in Win9x.
- 14
- 15
- Drivers >> OffloadChecksum Test In NDIS 6.5Hi!
My understanding of how protocols/IM drivers parse indicated rx NBLs/NBs is
by accessing the data starting at NET_BUFFER_CURRENT_MDL(NB) and offset by
NET_BUFFER_CURRENT_MDL_OFFSET(NB).
Our miniport driver will occasionally shift the offset within the
NET_BUFFER_CURRENT_MDL(NB) and will set NET_BUFFER_CURRENT_MDL_OFFSET(NB)
appropriately. Unfortunately, the NDIS 6.5 offloadchecksum test fails and
reports data corruption because it is not taking the
NET_BUFFER_CURRENT_MDL_OFFSET(NB) into consideration. I have verified this
by looking at the MDL it reports as containing corrupted data. In all cases,
the test is looking at data at MDL->MappedSystemVa without offsetting this
by the NET_BUFFER_CURRENT_MDL_OFFSET.
Note that this is the only test that fails. All other tests, such as
offloadlso, works.
Is this a known problem with the NDIS 6.2/NDIS.Net that comes with DTM 1.2?
Thanks!
|
|
|