
Re: windows 2003 server

To: pen-test@securityfocus.com
Subject: Re: windows 2003 server
From: Chris Parker <chris_parker@adelphia.net>
Date: Fri, 16 Mar 2007 19:15:50 -0400

Nicolas RUFF wrote:
>> I have a win2003 server that I have been asked to test its password
>> policy.  I am new to this and was wondering what would be the best
>> approach to gain access?  It is in my local network and will be
>> segregated from the rest of the network for testing.  I would be using a
>> remote machine to log in and not locally.  What would be your suggestions?
> 
> Password policy can be found in Administrative Tools/[Local | Domain]
> Security Policy.
> 
> What do you mean by "testing password policy"?
> 
> Why do you need to gain access? You'd better ask for an administrative
> account and dump the SAM file into a password cracker (like LCP).
> 
> Given the default security policy of W2003 (anonymous account
> enumeration blocked, password length over 7 and mixed characters
> required), your chances to break in remotely without any additional
> information are near zero.
> 
> Regards,
> - Nicolas RUFF
> 
First, we are trying to lock down our servers.  I came into this after
they had these servers up for a few years, so you can see my work
is cut out for me.  I just wanted the best ways to test to make sure
most users cannot get where they are not supposed to be.  Current
password policy is 8 characters, upper, lower, number.

Thanks
Chris Parker

