There’s no doubt that domain accounts with weak passwords can be a serious concern for companies, there are a few ways you can protect yourself against issues like this. The first is to set a domain and local account lockout policy and the second is to enforce password complexity. However if your users are using “Password1” as their password, neither of these steps will protect you.
Whilst Hashcat is often provable faster than John the Ripper, John is still my favourite. I find it simple to use, fast and the jumbo community patch (which I recommend highly) comes packed with hash types making it a versatile tool.
One of the features of these tools, which is often unknown or at least under appreciated is the ability to create custom “rules” for teaching the tool how to dynamically generate potential passwords. Since Microsoft implemented “Password Complexity” and this was enforced around the globe, user have made the jump from a password of: password, to the [sarcasm] much more secure [/sarcasm]: Password1.
Why not copy and paste the following into your /etc/john.conf and try them out! Got a suggestion for a rule? Leave a comment! They can then be called with ‐‐rules=Try, ‐‐rules=TryHarder and ‐‐rules=BeBrutal! You can find an explanation of how these rules are built here.