Blank Passwords

GovernmentSecurity.org > The Archives > General Network Security

rbk6xs5

Aug 14 2003, 07:37 PM

I need to run a script on our network to determine if we have machines in the field with a blank password. Does anyone know how I can achieve this?

jurk-off

Aug 14 2003, 09:49 PM

you mean you want to look if yur vulnerable??? then use the ipcscan and check yur ips

GAN_GR33N

Aug 15 2003, 03:18 AM

depending on how many computers you are scanning.

if you need to scan alot of boxes i would run "enum.exe" to get usernames.
then use NAT to check for null or weak passwords.

if you only need to scan a few i would try the C.I.S. scanner and disable the modes you don't need

wei

Aug 15 2003, 03:46 AM

if you use windows, maybe MS Baseline Security Analyzer can satisfy your need

virus

Aug 15 2003, 04:24 AM

I suggest GFI LANGuard. Its has the function to establish 'null sessions'. Check it out .... http://www.gfi.com/lannetscan/

rbk6xs5

Aug 18 2003, 02:50 PM

wow, lots of great ideas. Thanks everyone! I'll post back the solution I used when I get everything working

Edvon

Feb 23 2004, 08:37 PM

So what solution did u use?

Or still not wotking? :|

sylver

Feb 23 2004, 10:23 PM

î think MS Baseline Security Analyzer is the best solution, then u would also see if u need important updates...

DumpZ

Mar 1 2004, 08:09 PM

Are u using a MS Windows domaincontroller? cuz else u can just use pwdump2 in combination with l0pthcrack.

pwdump2 can dump the password hashes.
and l0pthcrack cracks them.

If u r not using aan MS Windows domaincontroller use can scan ur networkt with ipcscan.exe

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.


Help - Search - Member List - Calendar Full Version: Blank Passwords GovernmentSecurity.org > The Archives > General Network Security rbk6xs5 Aug 14 2003, 07:37 PM I need to run a script on our network to determine if we have machines in the field with a blank password. Does anyone know how I can achieve this? jurk-off Aug 14 2003, 09:49 PM you mean you want to look if yur vulnerable??? then use the ipcscan and check yur ips GAN_GR33N Aug 15 2003, 03:18 AM depending on how many computers you are scanning. if you need to scan alot of boxes i would run "enum.exe" to get usernames. then use NAT to check for null or weak passwords. if you only need to scan a few i would try the C.I.S. scanner and disable the modes you don't need wei Aug 15 2003, 03:46 AM if you use windows, maybe MS Baseline Security Analyzer can satisfy your need virus Aug 15 2003, 04:24 AM I suggest GFI LANGuard. Its has the function to establish 'null sessions'. Check it out .... http://www.gfi.com/lannetscan/ rbk6xs5 Aug 18 2003, 02:50 PM wow, lots of great ideas. Thanks everyone! I'll post back the solution I used when I get everything working Edvon Feb 23 2004, 08:37 PM So what solution did u use? Or still not wotking? :\| sylver Feb 23 2004, 10:23 PM î think MS Baseline Security Analyzer is the best solution, then u would also see if u need important updates... DumpZ Mar 1 2004, 08:09 PM Are u using a MS Windows domaincontroller? cuz else u can just use pwdump2 in combination with l0pthcrack. pwdump2 can dump the password hashes. and l0pthcrack cracks them. If u r not using aan MS Windows domaincontroller use can scan ur networkt with ipcscan.exe This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.