Step 2: Tools you should use

In order to effectively accomplish the tasks outlined in the methodology above, it takes various tools. The following tools should at least be on your radar if not in your security toolbox:

• Brutus for e-mail, telnet, etc. passwords (an absolute must)
• Cain & Abel for LM- and NTLM-hashed Windows passwords, Wireless Zero Configuration passwords, PWL files, RDP files, SQL hashes, and more
• Effective File Search for searching passwords in network files (i.e. searching for "password" in .txt, .doc, .xls, etc. files)
• John the Ripper for LM-hashed Windows passwords
• Microsoft Baseline Security Analyzer (MBSA) for missing and weak passwords
• NetBIOS Auditing Tool for Windows share passwords
• Proactive Password Auditor for LM- and NTLM-hashed Windows passwords and rainbow tables support
• Proactive System Password Recovery for RAS, PWL files, service accounts, and more
• pwdump3e for dumping Windows password hashes
• pwdump4 for dumping Windows password hashes
• TSGrinder for Terminal Services passwords

Cracking network passwords

 Home: Introduction
 Step 1: Ethical hacking methodology
 Step 2: Tools you should use
 Step 3: What good are your findings?

ABOUT THE AUTHOR:

Kevin Beaver is an independent information security consultant, author and speaker with Atlanta-based Principle Logic LLC. He has more than 17 years of experience in IT and specializes in performing information security assessments. Beaver has written five books, including Hacking For Dummies (John Wiley & Sons, Inc.), the brand new Hacking Wireless Networks For Dummies and The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach Publications). He can be reached at kbeaver@principlelogic.com. Copyright 2005 TechTarget

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Defining Policy A Windows security checklist for IT managers What's hot in Microsoft Windows security Here's how three IT shops manage passwords Insider security threats: Watch out for the quiet ones Troubleshooting your Windows-based VPN Telecommuter security kit Finding lost or forgotten passwords Ethical hacking Checklist: 11 things to do after a hack Build secure computer password policies Defining Policy Research End User Education Cross-site Scripting 102: How to defend against cross-site scripting A Windows security checklist for IT managers ActiveX security improves with Internet Explorer 8's security features Data encryption best practices in Windows Windows Mobile security tips for the on-the-go pro Correct improperly assigned user rights in Windows XP Free security testing tools for Windows handheld devices Do old certificates pose a Windows security threat? Windows mobile security: Get it locked down Metasploit 3.1 updates improve Windows penetration testing

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary strong password  (SearchWindowsSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary