Password Audit
#4
There are a few ways to do this.

With 150 users you are probably on a Windows Domain (Active Directory), so your options are:

1. Configure a "temporary" SAMBA domain controller to sync all the credentials and then simply ask samba to dump them. HOWTO here : http://www.room362.com/blog/2014/05/14/d...ing-samba/ (requires administrative rights)

2. As you cannot access the database with hashes on a Windows Server while it's running, you can perform a Volume Shadow Copy, and then obtain the hashes from the copy (you need administrator rights). You can see a HOWTO here, Method 4 : http://blog.packetheader.net/2014/10/pos...t-and.html

3. On a workstation you can dump the last 10 successful logins from the local cache (depending on GPO settings) using Windows Credential Editor or the Metasploit plugin found here : http://www.rapid7.com/db/modules/post/wi.../cachedump

I have mentioned in my talks before that companies should audit their staff passwords periodically to ensure they are of a successful caliber (relying only on password creation rules does not suffice). Unfortunately, given the nature of passwords, Microsoft and other companies have not and never will make it an easy step to dump the hashes.

Note that any of these steps is considered malicious and/or illegal without the consent of the company owning the systems and passwords. Also note that sometimes a Volume Shadow Copy could in rare cases cause the domain controller to be unresponsive.


Messages In This Thread
Password Audit - by elotrix - 01-26-2015, 12:52 PM
RE: Password Audit - by undeath - 01-26-2015, 04:12 PM
RE: Password Audit - by cracker75 - 01-26-2015, 04:46 PM
RE: Password Audit - by rurapenthe - 02-08-2015, 09:47 PM