# Password Policies

In order to generate password lists it is of importance to know the password
policies of the designated target. Therefore one can use `netexec` or
`crackmapexec` to find out how they look like.

```sh
 netexec smb $TARGET_IP --pass-pol
```

## Password Complexity Flags

The output of netexec contains a field which indicates what [password
complexity](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-gpsb/0b40db09-d95d-40a6-8467-32aedec8140c)
is used.

> Flag that indicates whether the operating system MUST require that passwords
> meet complexity requirements. If this flag is set, it indicates that passwords
> MUST meet a specific minimum requirement. This value MUST be between 0 and
> 2^16. A value of 0 indicates that no password complexity requirements apply.
> Any other valid value indicates that password complexity requirements apply.

Categories of complexity are

* Uppercase letters
* Lowercase letters
* Digits
* Special characters