
OT: Cracking a password as domain admin...

Wulf2k

Stratics Legend
Stratics Veteran
Stratics Legend
Anybody know any good (trustworthy) utilities for divulging the password of an Active Directory account without having to reset it?

I have to set up one of the photocopiers to be able to scan to an SMB share, and all the others are set up to use an account that nobody has touched in over half a decade. Resetting it means quadrupling my work, as I'd have to go around to each and set it up with the new credentials.

That's probably what I'll end up doing though. Ah well, I'm off early today, not my problem as of three minutes ago. Screw you "Wulf 65 hours in the future", it's your problem now! Sucker!

*leaves*
 
Daleth

Guest
ehh? Reading that let alone understanding it made my wee brain hurt a lot!!!:bored:
 

Skylark SP

Available Storage: 0
Stratics Veteran
Stratics Legend
Wulf, the short answer to that is: yes. The long answer is, use of any such utilities, even having them in your possession/on the premises, depending on your workplace, can cost you your job, particularly if you work for a financial or government institution. If your IT infrastructure deems expired account password RECOVERY (not reset) via hash reading/cracking or password strength testing with brute force attacks on user accounts (which means you set a time threshold for cracking them, and assign pass/fail to the account) as a routine part of your job, then they will have provided (and paid licensing fees) for the tools that allow those activities, and have policies for their use. Additionally, those sorts of things usually need an audit trail so "legitimate" a/k/a ethical hacking is established.

Depending on your infrastructure, your organization may have security/anti-malware software that looks for signatures of various "admin utilities" if they are downloaded on a monitored area of the network.

I'm not saying that thousands of IT admins & help desk folks don't have private copies of these "admin utilities" on corporate networks on their own initiative to assist in their job, just that it can be a risky thing.

-Skylark
 

Varka

Adventurer
Stratics Veteran
Stratics Legend
Yes, it's possible.

But quite time consuming.

The best way to do it is via "rainbow tables."

Here's an overview, although posting this link may be against some TOS or somesuch. Don't really care.

http://www.ethicalhacker.net/content/view/94/24/

My place of employment actually built and maintains a set of rainbow tables for just such an occasion...
 

Wulf2k

Stratics Legend
Stratics Veteran
Stratics Legend
Well, I promise to not recommend my termination for possession of such tools at the next committee meeting. =p

I have full access to the domain controller. I could reset the password if necessary, but would prefer not to.

I don't need anything to penetration test the entire network, just something to obtain the password for a single account. I know there are legitimate, freely available tools out there that do this, but anybody that's already familiar with a good one would be better than a Google search of "crack windows password no virus please". I would still take all necessary precautions with such a tool of unknown origin.
 

Wulf2k

Stratics Legend
Stratics Veteran
Stratics Legend
Varka, before getting into that too much, does it work for AD accounts?

I thought that only worked for local machine accounts.
 

SoulWeaver

King of The Bearded Ladies
Stratics Veteran
Stratics Legend
So what I got from this is you want to photocopy big Roosters...
 