Step 1: Understanding the limitation

Step 1: Understanding the limitation

The best way to approach testing for password weaknesses in your organization is from an ethical hacking perspective. The first -- and perhaps most important -- thing this involves is obtaining permission from upper management. If you're a consultant, written sign-off from your clients is especially important. Also, work by the Golden Rule when testing for password weaknesses and respect the privacy of others by protecting and never sharing the information once passwords are uncovered. This is not only the ethical thing to do but it's also a good way to keep from losing your job or getting into legal hot water.

The next step is to determine how you're going to go about your testing. You could test from the outside -- a true hacker's-eye-view -- or as an authenticated user and administration on the internal network. If you want to simplify things and jump right in, you can simply run a password cracking program against your domain controller or specific computer(s) you wish to test. However, that's only half the story since there are likely so many other passwords around. Therefore, I recommend both the external and internal tests.

The external view will show you how things really appear from the outside. In this type of testing you can try to crack the following types of passwords from the outside world:

  • IIS/Web applications
  • SQL Server
  • E-mail (SMTP, POP3, OWA, etc.)
  • Terminal Services
  • Remote Desktop Connections via RDP
  • VNC and other third-party

    Requires Free Membership to View

    Login

    When you register, you’ll also receive targeted alerts from my team of editorial writers and independent industry experts with the latest news, tips, and advice to help you do your job more efficiently and effectively. Our goal is to keep you informed on the hottest topics and biggest challenges faced by IT professionals today working with desktop management and security technologies.

    Margie Semilof, Editorial Director

    By submitting your registration information to SearchEnterpriseDesktop.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchEnterpriseDesktop.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

  • remote access software
The internal views as both a regular user and an administrator are valuable as well. Running such tests as a regular user with minimal network rights shows what the average employee, contractor, and other insider can see on the network. Finally, a follow-up cracking test logged in as an administrator equivalent will find additional weaknesses you may have overlooked or not been able to access otherwise. In this type of testing you can try to crack the passwords mentioned above (since you'll likely have a different network perspective inside the firewall) and, in addition, the following types of passwords as well:
  • Local accounts
  • Domain accounts
  • Service accounts
  • Windows shares
  • NT cached secrets
  • Protected storage (i.e. cached Internet Explorer, Outlook, etc. passwords)
  • PWL files
  • File protection passwords (i.e. protected .doc, .xls, .pdf, .zip, etc. files)
  • Passwords stored in cleartext files on local and network drives
As you can see, there are more than just Windows passwords that can introduce information security risks on your network. Note that some of these tests require you to be logged into the local machine. This is obviously not realistic for more than a dozen or so machines; however, you should run them on your servers and critical workstations at a minimum.


Cracking network passwords

 Home: Introduction
 Step 1: Understanding the limitation
 Step 2: Tools you should use
 Step 3: What good are your findings?

ABOUT THE AUTHOR:
Kevin Beaver is an independent information security consultant, author and speaker with Atlanta-based Principle Logic LLC. He has more than 17 years of experience in IT and specializes in performing information security assessments. Beaver has written five books, including Hacking For Dummies (John Wiley & Sons, Inc.), the brand new Hacking Wireless Networks For Dummies and The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach Publications). He can be reached at kbeaver@principlelogic.com.
Copyright 2005 TechTarget

This was first published in December 2005

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.
    Back to top