Re: Rainbow Tables

[Max Ashton <maxashton () eml cc>]

Your average hacker isn't going to have qualms over using a cracked copy of, 
f.ex, CoreSecurity's pentest suite, or a cracked copy of LC5. They're going 
to use everything in the commercial, OSS, and Freeware and social arenas to 
achieve their goal.

Sure, if they're doing a driveby wlan hack they might well use a livecd and an 
old throwaway laptop, but you can't rule out the high tech, highly 
experienced hackers. 

You can't presume they have any morality. They don't care they're stealing 
software. They want to steal / DOS / Destroy you.

Just my two pence.

Max Ashton

On Tuesday 07 February 2006 18:03, ROB DIXON wrote:
> Hey Tony,
>
>    The "others" should be informed that the malicious attacker is most
> likely to NOT use "commercial" products.
>
> And that for a true benchmark, maybe use the products that a malicious
> attacker would use. Most of which will probably be open source or free at
> the least. That is assuming that they are not writing their own software.
> ;) I guess I'm asking, how do you justify "not" using free products?
>
> You can buy pre-computated rainbow tables, but there are different
> rainbowtables for different types of hashes. Example: ntlm, ntlmv2, sha1 ,
> md5, etc.
>
>
> cheers,
>
> New Guy
>
> Robert L. Dixon,  CSO
> CHFI A+
> State of West Virginia's
> West VIriginia Office of Techonology
> Infrastructure Applications
> Netware/GroupWise Administrator
> Telephone: (304)-558-5472 ex.4225
> Email:rdixon () workforcewv org
>
> > > > <stark192 () hotmail com>  >>>
>
> Hello,
>
> Trying to crack our password list at work, it's a long story, but it has
> been put on a higher priority. I've been looking for some good pre-computed
> hash tables, like Rainbow tables, that will work with LC5. Does anyone have
> a source?
>
> I'd like to use RainbowCrack but others want to stick to commercial
> products.
>
> Thanks,
>
> Tony
>
> ---------------------------------------------------------------------------
> --- Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking applications on your
> website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers
> are futile against web application hacking. Check your website for
> vulnerabilities to SQL injection, Cross site scripting and other web
> attacks before hackers do! Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> ---------------------------------------------------------------------------
> ----
>
>
>
> ---------------------------------------------------------------------------
> --- Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking applications on your
> website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers
> are futile against web application hacking. Check your website for
> vulnerabilities to SQL injection, Cross site scripting and other web
> attacks before hackers do! Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> ---------------------------------------------------------------------------
> ----

Attachment: _bin
Description: