Assess NT Passwords Strength Tool

The goal of this script is to assess and report the strength of user passwords without revealing username-password combinations, using only statistical methods.

==== Synopsis

1. Extract NT/2000 hash with pwdump2

       pwdump2 >SAM.txt

   or

       pwdump3\pwdump3e remote_comp SAM.txt

2. Run the analysis script

       assessPW SAM.txt

3. Delete the hash

       del SAM.txt

==== The Approach

The idea is to use an automated approach in which cracked passwords are automatically detached from the user accounts and analyzed separately. The following process flow applies:

* Extract password information -> [usernames with password hashes]
* Filter out accounts without passwords -> [usernames with password hashes]
* Run password cracking software with simple (fast, dictionary only) settings, then delete the used file of usernames with password hashes (we do not need it any more) -> [guessed usernames with clear text passwords]
* Remove usernames -> [guessed clear text passwords without usernames]
* Analyze statistics of the obtained results: easy/strong passwords ratio, 10 most popular passwords -> [report]
* Clean up by deleting all password files

==== Used Tools

For NT password extraction, SAMDUMP, PWDUMP2 or PWDUMP3 could be used.
For password guessing: John the Ripper (http://www.openwall.com/john/) on Win32.
For filtering and sorting: GNU utilities SED and UNIQ on Win32.
CygWin project (www.cygwin.com) DLLs are used for JOHN, SED and UNIQ.

==== ToDo

1. Link easy-to-guess passwords to accounts with administrative privileges
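
The "remove usernames", "analyze statistics" and clean-up steps from The Approach, as an added shell example that is not the assessPW script itself. It assumes the guessed accounts arrive as one "username:password" line each and counts a guessed password as easy; the function names, the sample lines and the figure of 24 audited accounts are constructed for illustration.

```sh
#!/bin/sh
# Added example. Assumed input: one "username:password" line per guessed account.

# Constructed sample (not real accounts): six guessed accounts.
sample_cracked() {
    cat <<'EOF'
alice:password
bob:summer
carol:password
dave:pass:word
erin:summer
frank:password
EOF
}

# Drop the username; keep everything after the first ':' so passwords
# that themselves contain ':' survive intact.
strip_usernames() { cut -d: -f2-; }

# Print the $1 most frequent passwords from stdin as "count<TAB>password".
top_passwords() {
    LC_ALL=C sort | uniq -c |
        awk '{ c = $1; sub(/^ *[0-9]+ /, ""); printf "%d\t%s\n", c, $0 }' |
        LC_ALL=C sort -t "$(printf '\t')" -k1,1nr -k2,2 | head -n "$1"
}

# Whole-percent share of guessed ($1) among accounts with a password ($2).
guessed_percent() {
    [ "$2" -gt 0 ] || { echo "total must be > 0" >&2; return 1; }
    echo $(( $1 * 100 / $2 ))
}

# Report from cracked file $1 and audited-account count $2. The file with
# username/password pairs is deleted as soon as the usernames are detached.
report() {
    [ "$2" -gt 0 ] || return 1
    pw=$(mktemp) || return 1
    strip_usernames < "$1" > "$pw" && rm -f "$1"
    guessed=$(wc -l < "$pw" | tr -d ' ')
    echo "guessed: $guessed of $2 ($(guessed_percent "$guessed" "$2")%)"
    echo "10 most popular passwords (count, password):"
    top_passwords 10 < "$pw"
    rm -f "$pw"   # clean-up: no password file is left behind
}

# Demo on the constructed sample; 24 audited accounts is an assumed figure.
demo=$(mktemp) && sample_cracked > "$demo" && report "$demo" 24
```

The report carries only counts and password strings, so it cannot be joined back to an account once the input file is gone.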