Step 1: Understanding the limitation

The next step is to determine how you're going to go about your testing. You could test from the outside -- a true hacker's-eye-view -- or as an authenticated user and administration on the internal network. If you want to simplify things and jump right in, you can simply run a password cracking program against your domain controller or specific computer(s) you wish to test. However, that's only half the story since there are likely so many other passwords around. Therefore, I recommend both the external and internal tests.

The external view will show you how things really appear from the outside. In this type of testing you can try to crack the following types of passwords from the outside world:

• IIS/Web applications
• SQL Server
• E-mail (SMTP, POP3, OWA, etc.)
• Terminal Services
• Remote Desktop Connections via RDP
• VNC and other third-party remote access software

• Local accounts
• Domain accounts
• Service accounts
• Windows shares
• NT cached secrets
• Protected storage (i.e. cached Internet Explorer, Outlook, etc. passwords)
• PWL files
• File protection passwords (i.e. protected .doc, .xls, .pdf, .zip, etc. files)
• Passwords stored in cleartext files on local and network drives

Cracking network passwords

 Home: Introduction
 Step 1: Understanding the limitation
 Step 2: Tools you should use
 Step 3: What good are your findings?

ABOUT THE AUTHOR:

Kevin Beaver is an independent information security consultant, author and speaker with Atlanta-based Principle Logic LLC. He has more than 17 years of experience in IT and specializes in performing information security assessments. Beaver has written five books, including Hacking For Dummies (John Wiley & Sons, Inc.), the brand new Hacking Wireless Networks For Dummies and The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach Publications). He can be reached at kbeaver@principlelogic.com. Copyright 2005 TechTarget

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT User passwords and network permissions 20 days to a more secure enterprise Eight is too many characters for strong passwords Nine common password oversights to avoid Secure your Windows systems with proper password practices Managing multiple passwords in Windows Windows desktop endpoint security challenges podcast series How to strike a balance between Windows security and business needs Managing single sign-on security burdens in Windows Build secure computer password policies Remote user security checklist Microsoft Windows XP Pro Guide to converting from Windows XP to Windows 7 Top 5 registry keys for Windows XP Manage the desktop image lifecycle to limit work, ensure security Secure Windows XP before a Windows 7 upgrade Microsoft's August patches run the gamut Hold on to Windows XP at your peril XP stragglers blame hardware costs, new features Your questions answered: The Windows 7 upgrade quandary Windows Vista users get little pricing relief on Windows 7 Vista shops eye quick path to Windows 7, XP shops likely to resist

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary key-value pair  (SearchEnterpriseDesktop.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary