Proactive Password Auditor is a security auditing software that assists in examining network security, recovering account passwords, and auditing security policies. It allows users to run a comprehensive attack on account passwords to determine network security level.
One of the key aspects of network security is having strong security policies. However, not all security policies are equally secure. A weak password is often the weak link in the chain that compromises security of the entire network. It is common for corporate users to use passwords that are too simple or too short, which are easy to remember but essentially insecure. Proactive Password Auditor determines the security of the network by attempting to break into a network through password recovery.
If the software can unlock just one account within a certain time, it demonstrates the vulnerability of the entire network. If the network withstands the attack between password expirations, the password security policy is considered strong enough.
Another beneficial feature of the software is the ability to recover lost or forgotten passwords. By analyzing password hashes and recovering plain-text passwords, Proactive Password Auditor makes it possible to access and log in to user accounts, exposing the EFS-encrypted files and folders. A wide range of available attacks from dictionary to brute force makes it possible to recover passwords over the network, while the Rainbow attack can recover up to 95% of passwords in just minutes. Fortunately, the Rainbow attack cannot be executed from the outside!
Proactive Password Auditor can analyze Registry binaries and extracted dump files, allowing for the off-line password recovery. The software runs on various Windows operating systems such as NT4, 2000, XP, Vista, Windows Server 2003, and Windows Server 2008. Overall, it is a valuable tool for anyone looking to test the strength of their network security and recover account passwords.
Version 2.04: Bugfixes
Version 2.01: N/A
Version 1.60: New in version 1.60: On LM hashes, the program works 1.5 times faster; brute-force and mask attacks (LM and NTLM) are now multi-threaded for better performance multi-CPU systems; multilingual user interface has been implemented; better support of Windows Vista; many other improvements.
Version 1.51: New in version 1.51: improves Windows Server 2003 compatibility and handles Data Execution Protection (DEP) options properly.
Version 1.5: New in version 1.5: new rainbow attack, an ability to dump from multiple remote computers at once using pre-defined credentials, advanced password recovery for system and other accounts when dumping from remote computer, decrypting ASPNET and SQLDebugger passwords, and many other improvements.