I was performing a little security audit today, and used PWdump to dump the contents of the SAM file from a Windows 2000 Domain Controller.
I took the results from PWdump and imported them into LMcrack. It took 47.11 seconds to enumerate 617 of the 2272 account passwords.
Next I ran Richard Mueller’s DocumentGroups.vbs script which dumped the group membership of all the domain’s Active Directory accounts to a file.
Now I had a list of users and their passwords, plus a list of user account group memberships. Are you surprised that three users with Domain Admin membership were on the cracked.dic list?
I bet the entire process, from PWdump to LMcrack to DocumentGroups.vbs, took all of ten minutes. The local network admin was not happy with the strength of his users’ passwords. Maybe now he’ll start enforcing stronger passwords.