16  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Password Strength Testing on: January 16, 2013, 08:59:24 AM
Thank you for your help, it's appreciated.
17  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Password Strength Testing on: January 16, 2013, 04:23:08 AM
Hashcat is command line http://hashcat.net/hashcat/

If you want something short and sweet you can use python and py2exe it. Just add a for loop to this:

import hashlib, binascii
# NT hash: MD4 over the UTF-16LE encoding of the password
nt_hash = hashlib.new('md4', "thisismyhashvalue".encode('utf-16le')).digest()
print(binascii.hexlify(nt_hash))

Many thanks. If, say, you had to audit a number of domain users, and no account lockout is in operation, what password rules/values would you try? Password=Username is an obvious one, but what would your strategy be?
18  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: What crypto hash function is used... on: January 15, 2013, 09:14:23 AM
Thanks for the reply. Is there any way to use that tool "outside" of the backtrack framework tool? Would you need to export the hashes first, how does the process work, how are the hashes "fed in" to the tool? Please excuse my ignorance as I'm new to this.
19  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / What crypto hash function is used... on: January 15, 2013, 09:04:09 AM
Is it at all possible for a trained eye to be able to determine which cryptographic hash function is used to hash users' passwords in a database table for a specific application? We have an application that doesn't use Oracle's default authentication, so the application user hashes aren't stored within $sys.users; they are in a random table specific to the application. My question is, if you can see the hashes in that table, could you tell which hash function hashed them? Or is there a tool to feed the hash into and for it to tell you which hash function hashed these passwords? It's hard to identify a tool to run dictionary password tests over if you don't know what hash function is used.
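
One way an auditor can approach the question in the post above, as an added example that is not part of the original thread: take a test account whose password is already known, filter candidate algorithms by digest length, then recompute the stored value under common input constructions. The account name, password, construction list and function names are all assumptions made for illustration.

```python
import hashlib

# Digest functions hashlib provides on every platform.
ALGORITHMS = ("md5", "sha1", "sha224", "sha256", "sha384", "sha512")

def candidates_by_length(stored_hex):
    """Coarse filter: algorithms whose digest size matches the stored value.
    Length alone is ambiguous (MD4 and MD5 are both 16 bytes, for instance)."""
    size = len(stored_hex.strip()) // 2
    return [a for a in ALGORITHMS if hashlib.new(a).digest_size == size]

def constructions(username, password):
    """Assumed list of common ways an application combines its inputs."""
    u, p = username, password
    return {
        "password": p,
        "username+password": u + p,
        "password+username": p + u,
        "UPPER(username)+password": u.upper() + p,
        "username:password": u + ":" + p,
    }

def identify(stored_hex, username, password, encodings=("utf-8", "utf-16le")):
    """Return every (algorithm, construction, encoding) that reproduces the
    stored hash for an account whose password the auditor already knows."""
    stored = stored_hex.strip().lower()
    matches = []
    for algo in candidates_by_length(stored):
        for label, text in constructions(username, password).items():
            for enc in encodings:
                if hashlib.new(algo, text.encode(enc)).hexdigest() == stored:
                    matches.append((algo, label, enc))
    return matches

# Constructed sample row for a hypothetical test account; the "stored" value
# is generated here so the example runs offline.
SAMPLE_USER, SAMPLE_PASSWORD = "audit_test", "Winter2013!"
SAMPLE_STORED = hashlib.sha1(b"AUDIT_TESTWinter2013!").hexdigest().upper()

if __name__ == "__main__":
    print(candidates_by_length(SAMPLE_STORED))
    print(identify(SAMPLE_STORED, SAMPLE_USER, SAMPLE_PASSWORD))
```

An empty result suggests a per-row random salt, an iterated scheme, or an algorithm outside the list, so check the table for a salt column before widening the search.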
20  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Password Strength Testing on: January 15, 2013, 08:14:33 AM
Hi,

First off, please excuse the naivety of this question, but pen test isn't an area of expertise. However, my question is, are you aware of any free tools (ideally that don't need installing on a system - so command prompt applications) whereby I need to check a list of domain usernames against a list of 3 passwords to get some sort of report of any accounts whose password is one of my list of 3.

I know you can dump hashes from domain controllers with pwdump etc and check them offline with tools like Cain and Ophcrack but I don't really want to do that as the scope is to just test a pre-defined set of accounts, not the capacity to check every account.

Any free little command line tools that can help and I can download for free would be excellent.