Monthly Archives: July 2013

How do I test for … weak passwords hashes

So assuming for a moment you have a list of hashes (getting them is another topic altogether) there are a number of ways of testing the strength of your users passwords.  Ultimately, the strength of a password is the amount … Continue reading

Posted in How do I test for ... | Leave a comment

What is aad3b435b51404eeaad3b435b51404ee?

Short answer is… The string “aad3b435b51404eeaad3b435b51404ee” is the LM hash for ‘no password’.  In other words, its empty.  Typically it could be seen at the top of a hash dump from windows and would look something like this: Administrator:500:aad3b435b51404eeaad3b435b51404ee:8118cb8789b3a147c790db402b016a08::: (before … Continue reading

Posted in Uncategorized | Leave a comment

How do I test for … bad SSL/TLS implementations

The easiest way to find poor implementations of SSL and TLS encryption algorithms is to run the SSL Scan tool.  If you run it against this website you will get something along the lines of: sslscan –no-failed srv.felixrr.pro:443 _ ___ … Continue reading

Posted in How do I test for ... | Leave a comment