WIN2K Checklist v2111 - Appendix D MSE安全攻防资料.doc

Password Strength Verification - Standard Operating Procedures This appendix contains procedures for running “John the Ripper” password integrity software. This utility should be run against a Domain Controller in each WIN2K domain being reviewed. The use of this utility should be briefed at any in-briefing and permission should be obtained to run it. The “John the Ripper” password cracking utility is scripted using a batch file command script and runs locally on the system being checked. The script, pwchk.cmd, and supporting files can be used from a CD-ROM or zip disk. The script must be run with an account having administrator rights. To run the script, open the command prompt (Start Run enter ‘cmd.exe’ OK). Change to the drive containing the script (e.g. CD E:) and enter ‘pwchk’ at the command prompt, then press enter. Reply to the prompt that asks if this is a WIN2K server. The reviewer will be prompted to save the output to floppy (Y/N), to insert a floppy into the A drive, and then press any key to continue. If the reviewer selects yes and inserts a floppy disk, the output files are copied to A. If the reviewer selects no, the output is saved to C:\temp\srr\output and no option to remove the output is provided. If the reviewer selected to save to the A drive, they will then be prompted to remove the output from the hard drive (Y/N). If the reviewer selects yes, the output is sent to the recycle bin. If the reviewer selects no, then the output is maintained in the C:\temp\srr\output directory. (Normally, this data would not be left on the machine) The disk containing the output from the script should be left with the site ISSO. The output consist of four files: 1. Dumpfile.txt – contains the local SAM file. Sample below: Admin_adm:500:889A4539E10382A0B79AE2610DD89D4C:9C04FA584DF117EF6810876AB32FC4AF::: NoGuest:501CD5F39583C718A6B039ABEA:C3BAC902800BD42D36B72DD84A4EA61D:Built-in account for guest access to the computer/domain:: userid:1002:A