posted on Feb, 28 2012 @ 07:28 PM
reply to post by PhoenixOD
If you can get Admin creds, legitimate tools like LC5 (L0ftcrack) can crawl all the domain servers for every user login pass combo on the network.
A quick check and it looks like LC6 may now be available. L0ftcrack password Auditing and recovery
There's a number of industry forensic tools, sniffers, scanners, and other packages used in penetration testing that are all quite nifty.
Encryption tools like Blowfish can be really nasty too. One client I serviced never wanted to shell out for the billable hours to secure their
network, and sure enough, some yahoo tried taking the business hostage by encrypting a large number of important assets on one of the file servers.
Getting the files back wasn't a problem what with just restoring that backups, but, this happened a few times before client settled on a security
solution with IDS. Granted it was the cheapest solution, but, something is better than just relying on 2k Server security, and a few policies.
Please note, I mention these for use in the course of legitimate corporate network security endeavors and concerns; not condoning Black Hat
Ah, I've been away from the comm closets and the racks for awhile. I'm starting to feel outdated.
edit on 28-2-2012 by nineix because: (no reason given)