Password Auditing Tools

CompVPN (Virtual private network) is often used for securing communication over the public network, many security specialists advice to use it in the public Wi-Fi to encrypt all traffic and make it impossible for outsider to sniff information or to provide a remote access to an offsite user, but after implementing the VPN connection there is a testing phase for user’s authentication.

Now the question is who said that cracking password for VPN account impossible?

THC group has proved that this is reachable by using THC PPTP bruter. This software is a brute force for PPTP protocol (1723/TCP), this tool works only if the authentication servers are using Microsoft windows Chap v2 and can be used for Windows and Cisco gateways.

The good point in bruter that you can attempt up to 300-400 passwords depends on packets delivery speed. So the operation time can depends on how many bytes long is your password (8 or less is very risky) and the network speed, by hours we can try 14 million password per hour (but this can takes less time if you know the password policy used by the organization). The only disadvantage of pptp-bruter is that we need some third-party libraries to compile the program.

Microsoft SQL servers are also using authentication and after implementing the data base infrastructure, checking user accounts security is a must. Piggy 1.0.1 is a good tool for brut forcing and auditing passwords on Microsoft SQL server. The good point on Piggy that you can check multiple servers at the same time , after NMAP scans for the available services on the network it provides IP addresses of the servers with 1433 (TCP) port and piggy automatically starts to audit the user servers password with a very big possibility to find those accounts by using dictionary password attack.

Finally here is some online useful links for cracking hashes:

and here brute force on Python and Perl

make sure you subscribe to my RSS feed!

You can leave a response, or trackback from your own site.