Web lists-archives.com

Re: [Samba] check accounts for known bad passwords




On Thu, 2017-07-20 at 15:52 +0200, mj via samba wrote:
> Hi,
> 
> Des anyone know if a script of some sort or way to check my samba 
> accounts for known bad passwords, such as "123321", "1q2w3e", and such?
> 
> We are currently the target by a botnet, trying out those easy passwords 
> on our imap server. While many (all?) of our users have good complex 
> paswords, I am not 100% sure about *all* of them. If possible I'd like 
> to disable their accounts, in the case of such bad passwords.

I would, if I were you, use:

http://www.openwall.com/john/
http://openwall.info/wiki/john/sample-hashes

To get the hashes in the form you want for this, try:

pdbedit -w

That dumps an smbpasswd file format file (be very careful with this, it
contains your krbtgt key, admin password and everything else!)

Note this in the FAQ:

A: With PWDUMP-format files, John focuses on LM rather than NTLM hashes
by default, and it might not load any hashes at all if there are no LM
hashes to crack. To have JtR Pro or a -jumbo version focus on NTLM
hashes instead, you need to pass the "--format=nt" option. 

I guess you would run it:

john --wordlist=/usr/share/john/password.lst /root/smbpasswd  
--format=nt

You will need that jumbo version, the NTLM hash isn't in the one
packaged on Fedora, so this is where I stopped. 

I hope this helps you keep in front of the bad guys!

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba