Dealing with longer NTLM passwords
#1
Hi, 

I've been running an internal password audit against our active directory users. Over the years and password policy revisions naturally the complexity has increased, how is everyone dealing with it? Larger dictionary files, more rules or masks?

I'm still finding password containing 123 however nowhere near as many as I used to, going from 70% recovery rate to less that 5%.

Does anyone have any specifics tips or tricks please.
Reply
#2
Combinators and stacking multiple rules at once, are quite nice for cracking longer passes but yeah, there's only so much you can do
Reply