Penetration Testing mailing list archives
Re: policy-based password cracker
From: Rembrandt <rembrandt () jpberlin de>
Date: Fri, 2 Dec 2005 03:20:47 +0100
On Thu, 1 Dec 2005 09:50:10 -0800 (PST) Chris Costantino <clckct () yahoo com> wrote:
Hi all, I am looking for a brute-force password cracker that can be configured based on password policies. For example, I am trying to audit a system that I know the security policy on (min/max pw length, complexity rules, etc) What I want is to only brute-force passwords that fit that policy. Obviously, min and max is not the issue, but I can not seem to find anything that will only test passwords that meet complexity requirements (lowercase alpha, uppercase alpha, number). Something that generates this into a rainbow table would be even better..... Anyone aware of such a tool? Thanks in advance, Chris
hydra from THC... It even provides a tool called pw-inspector to modify your wordlists. In the TODO is an entry that bf was added in the 5.x release (not confirmed by me). There Bugs in Hydra but it's working.. Kind regards, Rembrandt-- God did a bless on me, So accapt the dark side in you. Hate leads me to victory, so give me a war.
Attachment:
_bin
Description:
Current thread:
- policy-based password cracker Chris Costantino (Dec 01)
- Re: policy-based password cracker Rembrandt (Dec 01)
- Re: policy-based password cracker thomas springer (Dec 02)
- Re: policy-based password cracker Thierry Zoller (Dec 02)
- Re: policy-based password cracker David Cravshaw (Dec 03)
- RE: policy-based password cracker Password Crackers, Inc. (Dec 03)
- <Possible follow-ups>
- RE: policy-based password cracker Miguel Dilaj (Dec 03)
- RE: policy-based password cracker Shenk, Jerry A (Dec 04)