  1. #21
    DF Super Moderator JonEp's Avatar

    Default Re: Passwords on work PC

    Quote Originally Posted by reverend View Post
    It'll just have been a password audit against AD - a lot of companies do these nowadays (all should).

    As has been mentioned the passwords aren't stored in plain text, everything is hashed. You take a list of basic passwords which you think users may be using, add that onto something like the Rockyou wordlist and then see which users have passwords which match by generating the hashes for the passwords in your list then comparing those against all users in AD.

    I've done this in many companies now and it's surprising how many people use stupidly simple passwords which are low hanging fruit when someone is trying to hack in.
    Are the hashes in AD not salted?


    EDIT: I see they're not.. What a joke...
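
The audit reverend describes, and the salting point JonEp raises, as an added example that is not part of any post in this thread. SHA-256 stands in for AD's unsalted hash so the code runs anywhere; the accounts, passwords, wordlist and username-derived salts are constructed sample data.

```python
import hashlib

def unsalted(pw):
    # Stand-in for AD's unsalted hash: SHA-256 is an assumption made so the
    # example runs anywhere; the audit logic is the same for any unsalted hash.
    return hashlib.sha256(pw.encode("utf-16-le")).hexdigest()

def salted(pw, salt):
    return hashlib.sha256(salt + pw.encode("utf-16-le")).hexdigest()

def audit_unsalted(user_hashes, wordlist):
    """Hash each candidate once, then test every account against that set."""
    weak = {unsalted(w) for w in wordlist}
    return sorted(u for u, h in user_hashes.items() if h in weak)

def audit_salted(user_records, wordlist):
    """Per-user salts force a fresh hash per (account, candidate) pair."""
    flagged, hashes_computed = [], 0
    for user, (salt, h) in user_records.items():
        for w in wordlist:
            hashes_computed += 1
            if salted(w, salt) == h:
                flagged.append(user)
                break
    return sorted(flagged), hashes_computed

def shared_passwords(user_hashes):
    """Without a salt, equal passwords give equal hashes across accounts."""
    groups = {}
    for user, h in user_hashes.items():
        groups.setdefault(h, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

# Constructed sample data (not from the thread): four accounts, a tiny wordlist.
PASSWORDS = {"alice": "Summer2019", "bob": "password",
             "carol": "Summer2019", "dave": "correct horse battery staple"}
WORDLIST = ["password", "123456", "Summer2019", "letmein"]
UNSALTED_DB = {u: unsalted(p) for u, p in PASSWORDS.items()}
# Username bytes serve as a deterministic constructed salt; real salts are random.
SALTED_DB = {u: (u.encode(), salted(p, u.encode())) for u, p in PASSWORDS.items()}

if __name__ == "__main__":
    print("flagged (unsalted):", audit_unsalted(UNSALTED_DB, WORDLIST))
    print("shared passwords:  ", shared_passwords(UNSALTED_DB))
    print("flagged (salted):  ", audit_salted(SALTED_DB, WORDLIST))
```

The audit functions return account names only, which is all a password-strength report needs; the salted variant also returns how many hashes it had to compute, for comparison with the single pass over the wordlist in the unsalted case.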

  2. #22
    DF Jedi Argyll's Avatar

    Default Re: Passwords on work PC

    Quote Originally Posted by reverend View Post
    It'll just have been a password audit against AD - a lot of companies do these nowadays (all should).

    As has been mentioned the passwords aren't stored in plain text, everything is hashed. You take a list of basic passwords which you think users may be using, add that onto something like the Rockyou wordlist and then see which users have passwords which match by generating the hashes for the passwords in your list then comparing those against all users in AD.

    I've done this in many companies now and it's surprising how many people use stupidly simple passwords which are low hanging fruit when someone is trying to hack in.
    Great answer thanks. It's a shame my IT dept hadn't explained this and I would have been satisfied.

    By the way what is AD?
    I understand and accept that some people hold opinions that are different to my own. Living in a free and democratic society, I fully embrace and respect their right to be wrong.

  3. #23
    DF PlaYa dibbler's Avatar

    Default Re: Passwords on work PC

    AD = Active Directory
    Copied from one of my books!!
    Active Directory is Microsoft's Directory Server. It provides authentication and authorization mechanisms as well as a framework within which other related services can be deployed (AD Certificate Services, AD Federated Services, etc). It is an LDAP compliant database that contains objects.

    Thanks to dibbler

    Argyll (23rd June 2019) 


  4. #24
    DF VIP Member
    beansontoast's Avatar

    Default Re: Passwords on work PC

    Company I work for uses some software called snow to monitor what's going on. I used to delete logs occasionally but only as an experiment. Can still do that but I'm not concerned about monitoring other than them being nosey bastards.

    Anyone have experience of this snow software?
    No sympathy for the devil; keep that in mind. Buy the ticket, take the ride...

  5. #25
    DF VIP Member
    tombott's Avatar

    Default Re: Passwords on work PC

    As already said, I doubt they know or can see your password.

    It is however easy to run audits against AD to check password strength, but some might say it's even easy to use GPO to actually force a proper password policy.

    What is more likely is some idiot has got their password on a post-it note stuck to their screen.
    Guns don't kill people rappers do, I'm a fucking rapper and I might kill you.

  6. #26
    DF Admin 4me2's Avatar

    Default Re: Passwords on work PC

    Quote Originally Posted by Argyll View Post
    Yes but they've gone quiet 😏
    Change your password to 'NoseyITCuntz01' and see if you get a response.
    There are 3 types of people in the world - those who make things happen, those who watch things happen; and those who wondered what happened.

    Conservatives. Putting the 'N' into Cuts.


  7. #27
    DF PiMP Copex's Avatar

    Default Re: Passwords on work PC

    Quote Originally Posted by 4me2 View Post
    Change your password to 'NoseyITCuntz01' and see if you get a response.
    now i would post it is pointless THEY CAN NOT SEE THE PASSWORD !!!! but that would be pointless as it has been said many times before :-)

    but just out of interest your Time to crack your password: ( From [Only registered and activated users can see links. ] )
    16 years



    Review: Fantastic, using that password makes you as secure as Fort Knox.

    So it would not get picked up in an audit and the IT team would be happy the password is secure. They would not contact the user.
