Auditing NTLM passwords?

wes allen
Hey, what procedures are you all using in regards to auditing NTLM passwords for compliance? I have done some password cracking and I have a couple Python scripts to help do some analysis, but I am struggling with the easiest, repeatable by less technical people, way to manage the process end to end. Something like the way L0pht worked in the LM days, but that just isn't able to crack NTLM hashes anywhere near as fast or as successfully as something like hashcat. So, need to end up with plaintext passwords that I can check for compliance, then match the non-compliant ones back up with a user, and then match the user to an email for notification. So, totally doable with some Python and cat|cut|grep shell scripting, but that just seems overly complicated, and I feel like I am trying to reinvent the wheel.

Comments

  • NovaHax
    Although NTLM addressed a lot of the shortcomings of the LM hash...it still doesn't employ any salting technique and so the best technique by far, for auditing them, is rainbow tables. You can find some pretty healthy rainbow tables available for download (I've seen some upwards of 10 terabytes)...
  • wes allen
    Thanks much for the reply.

    I looked into the rainbow tables, but even just the 8 character mixed alpha, num, symbol, NTLM rainbow tables are almost a TB, and it takes forever to try to run a rainbow table attack with those sizes with L0pht. I can do the cracking part well enough with hashcat, even without a GPU, and do the high level stats fine, it is all the user notifying I am looking for a better way to do, along with making the process simple enough for a less technical person to run.
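
The join step the thread asks about (cracked hash to user to email), sketched as an added example that is not code from any poster: it assumes a pwdump-style dump (`user:rid:lm:nt:::`), a hashcat potfile (`hash:plain`), and a `user,email` CSV. The function names, the sample data and the policy (12 characters, 3 of 4 character classes) are assumptions, and the report rows never carry the plaintext.

```python
import csv, io, re

# Constructed sample inputs; the NT hashes are placeholders, not real hashes.
PWDUMP = """\
alice:1001:aad3b435b51404eeaad3b435b51404ee:11111111111111111111111111111111:::
bob:1002:aad3b435b51404eeaad3b435b51404ee:22222222222222222222222222222222:::
carol:1003:aad3b435b51404eeaad3b435b51404ee:33333333333333333333333333333333:::
"""
POTFILE = """\
11111111111111111111111111111111:Summer2019
22222222222222222222222222222222:$HEX[70613a7373]
"""
EMAILS = "user,email\nalice,alice@example.com\nbob,bob@example.com\n"
MIN_LEN = 12  # assumed policy; set to your organisation's own

def load_potfile(text):
    """Map NT hash -> plaintext from hashcat potfile lines (hash:plain)."""
    cracked = {}
    for line in text.splitlines():
        h, sep, plain = line.partition(":")  # plaintext may itself contain ':'
        m = re.fullmatch(r"\$HEX\[([0-9a-fA-F]*)\]", plain)
        if m:  # hashcat hex-encodes plaintexts containing special bytes
            plain = bytes.fromhex(m.group(1)).decode("utf-8", "replace")
        if sep:
            cracked[h.lower()] = plain
    return cracked

def violations(pw):
    """Return the policy rules this password breaks (empty list = compliant)."""
    pats = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    classes = sum(bool(re.search(p, pw)) for p in pats)
    out = ["too short"] if len(pw) < MIN_LEN else []
    if classes < 3:
        out.append("too few character classes")
    return out

def audit(pwdump, potfile, emails):
    """Join dump, potfile and address list into (user, email, reasons) rows."""
    cracked = load_potfile(potfile)
    mail = {r["user"].lower(): r["email"] for r in csv.DictReader(io.StringIO(emails))}
    rows = []
    for line in pwdump.splitlines():
        f = line.split(":")
        nt = f[3].lower() if len(f) > 3 else ""
        why = violations(cracked[nt]) if nt in cracked else []
        if why:  # uncracked or compliant accounts are left out of the report
            rows.append((f[0], mail.get(f[0].lower(), ""), "; ".join(why)))
    return rows

if __name__ == "__main__":
    for row in audit(PWDUMP, POTFILE, EMAILS):
        print(",".join(row))
```

A row with an empty email column marks an account that has no entry in the address list and needs manual follow-up.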