[Samba] check accounts for known bad passwords

Andrew Bartlett abartlet at samba.org
Thu Jul 20 20:45:19 UTC 2017


On Thu, 2017-07-20 at 15:52 +0200, mj via samba wrote:
> Hi,
> 
> Does anyone know of a script of some sort or a way to check my samba 
> accounts for known bad passwords, such as "123321", "1q2w3e", and such?
> 
> We are currently the target of a botnet, trying out those easy passwords 
> on our imap server. While many (all?) of our users have good complex 
> passwords, I am not 100% sure about *all* of them. If possible I'd like 
> to disable their accounts, in the case of such bad passwords.

I would, if I were you, use:

http://www.openwall.com/john/
http://openwall.info/wiki/john/sample-hashes

To get the hashes in the form you want for this, try:

pdbedit -w

That dumps a file in smbpasswd format (be very careful with this, it
contains your krbtgt key, admin password and everything else!)

Note this in the FAQ:

A: With PWDUMP-format files, John focuses on LM rather than NTLM hashes
by default, and it might not load any hashes at all if there are no LM
hashes to crack. To have JtR Pro or a -jumbo version focus on NTLM
hashes instead, you need to pass the "--format=nt" option. 

I guess you would run it:

john --wordlist=/usr/share/john/password.lst /root/smbpasswd --format=nt

You will need that jumbo version; the NTLM hash isn't in the one
packaged on Fedora, so this is where I stopped.

I hope this helps you keep in front of the bad guys!

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba



