Gone in 47.11 Seconds


I was performing a little security audit today, and used PWdump to dump the contents of the SAM file from a Windows 2000 Domain Controller.

I took the results from PWdump and imported them into LMcrack.  It took 47.11 seconds to enumerate 617 of the 2272 account passwords.

47.11 Seconds

Next I ran Richard Mueller’s DocumentGroups.vbs script which dumped the group membership of all the domain’s Active Directory accounts to a file.

Now I had a list of users and their passwords, plus a list of user account group memberships. Are you surprised that three users with Domain Admin membership were on the cracked.dic list?

I bet the entire process, from PWdump to LMcrack to DocumentGroups.vbs, took all of ten minutes. The local network admin was not happy with the strength of his users' passwords. Maybe now he'll start enforcing stronger passwords.
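The correlation step described above, written out as an added example for the audit report (it is not code from this post or from any of the tools named): it flags accounts whose pwdump-style line still carries an LM hash and puts cracked accounts in privileged groups at the top. The account names, hash values, the membership mapping and the `CRACKED` set are constructed; the shape of the membership data is an assumption, not the actual DocumentGroups.vbs output format.

```python
# Added example: audit correlation over constructed sample data.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of an empty password

# Constructed pwdump-style lines: user:rid:lm_hash:nt_hash:::
PWDUMP = """\
alice:1105:0123456789abcdef0123456789abcdef:fedcba9876543210fedcba9876543210:::
bob:1106:aad3b435b51404eeaad3b435b51404ee:00112233445566778899aabbccddeeff:::
carol:1107:89abcdef0123456789abcdef01234567:ffeeddccbbaa99887766554433221100:::
dave:1108:NO PASSWORD*********************:0f1e2d3c4b5a69788796a5b4c3d2e1f0:::
"""

# Constructed group membership (assumed shape, not DocumentGroups.vbs output).
MEMBERSHIP = {
    "alice": {"Domain Users", "Domain Admins"},
    "bob": {"Domain Users", "Domain Admins"},
    "carol": {"Domain Users"},
    "dave": {"Domain Users"},
}
CRACKED = {"alice", "carol"}  # constructed stand-in for the recovered-account list


def parse_pwdump(text):
    """Yield (user, lm_hash) from pwdump-style lines, skipping malformed ones."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 4 and fields[0]:
            yield fields[0], fields[2].lower()


def stores_lm_hash(lm):
    """True when a usable LM hash is stored for the account."""
    return lm != EMPTY_LM and not lm.startswith("no password")


def audit(pwdump_text, membership, cracked, privileged=frozenset({"Domain Admins"})):
    """Return one finding per account, privileged-and-cracked accounts first."""
    findings = []
    for user, lm in parse_pwdump(pwdump_text):
        groups = membership.get(user, set())
        findings.append({
            "user": user,
            "lm_stored": stores_lm_hash(lm),
            "cracked": user in cracked,
            "privileged": bool(groups & privileged),
        })
    findings.sort(key=lambda f: (not (f["privileged"] and f["cracked"]), f["user"]))
    return findings


if __name__ == "__main__":
    for finding in audit(PWDUMP, MEMBERSHIP, CRACKED):
        print(finding)
```

The `lm_stored` column is worth reporting even for accounts that were not cracked, since it shows which accounts remain exposed to the same LM-based audit until their hashes are replaced.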
