OSS security tools for testing MS servers?
plug-discuss@lists.plug.phoenix.az.us
plug-discuss@lists.plug.phoenix.az.us
Fri, 21 Mar 2003 06:22:42 -0800
Quoting Scott H <scottlhenderson@yahoo.com>:
> Since I am always trying to promote Open Source
> in my company, and I've been tasks with a new
> project, it's time to post to PLUG again :)
>
> I need to locate several utilities, and I am just
> wondering if anyone knows of any open source
> tools that can perform these functions:
>
> -password cracking tool - especially one that can
> produce a report of the cracked passwords.
> (lophtcrack - something like that?)
Try l0phtcrack
> -administrative utility to be able to search MS
> AD for accounts that have not been signed on for
> a certain period of time, or that have never been
> signed on (I know this is a long shot, but
> thought I'd ask, just in case. some LDAP tool or
> something?)
the ldapsearch command works well:
ldapsearch -Tx -h hostname -b "ou=some group,o=whatever" -W "cn=Domain
Manager,o=whatever" -w Passw0rd "modifytimestamp<20030101"
(or similar)
> -security testing software to run against MS
> servers and look for known weaknesses.
Here I would use good old nessus.
Here's a link for securing Windows:
http://nsa1.www.conxion.com/win2k/download.htm
Google is your friend :)
George