Joemama
10/01/2002 11:45 AM

Looking for recommendations on software tools available to test the strength of SQL passwords

Chip Andrews
10/01/2002 12:48 PM

The tool really depends on how much access you have to the SQL Server. For external audits there are multiple free tools (SQLBF, SQLPing2 etc) and commercial tools (NGSSQuirreL and AppDetective).

If you have access to the hashes in sysxlogins then check out NGSSQLCrack at www.nextgenss.com as it can break the passwords in hours (or minutes) instead of days in most cases.

Chip

10/01/2002 1:36 PM

Thanks Chip

I was looking for something like a pen test using a dictionary, not a brute force crack. I'll check out your recommendations.

Chip Andrews
10/01/2002 4:43 PM

Most all of the above tools support dictionary attacks. A couple may perform both.

Jens Hansen
10/28/2002 10:58 AM

If you use Windows security, then you can use Pwdump3e to fetch passwords from the domain, and John The Ripper to crack most passwords (using brute force) in a matter of hours or days. John can also use a dictionary.

I normally try to have John check my passwords, and consider them acceptable if John needs more than 2 hours to crack them on a 1.5GHz Pentium.