988 B
988 B
Password Policies
In order to generate password lists it is of importance to know the password
policies of the designated target. Therefore one can use netexec or
crackmapexec to find out how they look like.
netexec smb $TARGET_IP --pass-pol
Password Complexity Flags
The output of netexec contains a field which indicates what password complexity is used.
Flag that indicates whether the operating system MUST require that passwords meet complexity requirements. If this flag is set, it indicates that passwords MUST meet a specific minimum requirement. This value MUST be between 0 and 2^16. A value of 0 indicates that no password complexity requirements apply. Any other valid value indicates that password complexity requirements apply.
Categories of complexity are
- Uppercase letters
- Lowercase letters
- Digits
- Special characters