IMA


   all-in-one tool to audit accounts and passwords !

What is IMA ?

IMA (Identity Management Auditor) is a GUI tool that provides an all-in-one tool to audit accounts, authorization and passwords

Features

• Assess and crack Microsoft Windows passwords (LM, NTLM, Microsoft SQL Server), ORACLE and Lotus Domino (and others...)
• John-The-Ripper pot import capabilities
• Able to evaluate passwords strength : trival, weak or strong.
• Excel export
  
  
  IMA is written in C#, so the .NET framework 2.0 Service Pack 1 and the Oracle Data Access Components (ODAC) are needed.
  
  The IMA public release only contains theMS Windows, MS SQL Server and Oracle Database modules.
  
  
  

  Download      (.NET Framework 2.0 SP1 needed)

  Beta Release (v0.4.7) - January 11 : Adding IMA Unleashed, Shares Auditor, Windows Credentials Editor (Ampli Security), Many Bugs Fixed...
  

  Download IMA

  Please, fill the following form :                                                                                     (*): Mandatory fields
  
  

  (*) Name:
  (*) Firstname:
  (*) Company:
  (*) Tel:
  (*) Email:
  Comment:
  IMA Full IMA Lite	Download »»

  
  

  IMA Full : John The Ripper & PwDump embedded may be detected/blocked by some antivirus as "Hacking Tools"

  IMA Lite : Without John The Ripper & PwDump

  
  

  	IMA Full (John the Ripper, PwDump & WCE Embedded)				IMA Lite (Without John the Ripper, PwDump & WCE)

  System Auditor
  ●    Detailled Version
  ●    Users
  ●    Groups / Roles / Permissions
  ●    Services / Shares / Databases
  ●    Password Hashes

  Password Auditor
  ●    Full password assessment
  ●    Quick assessment (NULL or trivial passwords)					*

  Extra Tools
  ●    Password Generator (LM, NT, SQL2000 & SQL2005)
  ●    John Pot Generator (LM, NT, SQL2000 & SQL2005)
  ●    LM2NTCRACK GUI
  ●    SQL2KTO2005CRACK GUI
  ●    ORACLEDES2SHA1CRACK GUI

  
  * : Imported Hashes only
  
  
  

  Presentation:

  • SSTIC 09 (Rump Session):  Slides PPT
  • Demonstration:  Video (9.1 MB)      (Compatible QuickTime/VLC)

  
  
  

  Introduction

  Most of our customers are sensibilized about Identity Management : "Can I have the member list of each group ?" "Can I have the list of Administrators profiles ?" "Did they embedded strong password ?"...
  
  However, when you perform an audit/penetration test, you still found trivial administrative accounts (backup/backup, sa/NULL...), which for some Odd/Business reasons are "Domain Administrators" or members of the group "root".
  
  The big deal is even if you give to the IT teams all the commands/tools with the good parameters, they cannot easily exploit these information on each server.
  
  
  So, IT teams need a tool to perform automatically these tasks and gathering data... That's why I have launched the IMA project.
  
  

  MS Windows/Active Directory Screenshots : +
  

  
  
  MS SQL Server Screenshots : +
  

  
  
  Extra Tools Screenshots : +
  

  
  
  

  Optional Resources

  This software embedded compiled version of :
  

  • John the Ripper (Password Auditor)
    
  • PwDump 6 (Microsoft Windows Password Dumper)
    
  • Oracle Default Password List (Pete Finnigan)
    
  • Oracle Data Access Components (ODAC)
    
  • Oracle Data Access Components (ODAC)
    
  • WCE
    

  
  
  

  History

  Each releases fixed some/lot of bugs, but add a major functionality :
  

  • Beta Release (v0.4.7) - January 11 : IMA Unleashed, Shares Auditor, WCE & many bugs fixed
    
  • Beta Release (v0.3.1) - December 09 : Multi-Threading optimisation & many bugs fixed
    
  • Beta Release (v0.3) - November 09 : Oracle Database support added
    
  • Beta Release (v0.2) - October 09 : MS SQL Server support added
    
  • Beta Release (v0.1) - June 09 : MS Windows support only
    

  
  
  

  Bugs / Comments

  Please report bug and/or comments to :

  • Yannick Hamon <yannick.hamon@xmco.fr>