Sign in to follow this  
Followers 0

Detecting and/or circumventing account lockout

3 posts in this topic

How would you detect when an account you are attempting to access with a password list has account lockout set (without admin rights) without actually locking out the account?

Is there a way to reset the account lockout status (without admin rights) both for local accounts and for AD accounts, or maybe reset the bad password counter?

Is there a way you can force lockout for the local Administrator account for DoS purposes? (Assuming CHNTPW or something similar would fix this)

For the record I am requesting this information not to hack folks but because I am responsible for desktop build hardening for my organization and want to find out how an attacker would try to get around our account lockout mechanism. I've looked around for this information and I know Ed Skoudis mentions in one of his Pen Test webcasts that it's covered in his 560 class but unfortunately we have no training budget for my team currently, nor would I pony up that kind of cash just for this info.

Any ideas?


Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
Followers 0