Penetration Testing mailing list archives
RE: policy-based password cracker
From: "Miguel Dilaj" <Miguel.Dilaj () nccgroup com>
Date: Fri, 2 Dec 2005 08:58:17 -0000
Hi Chris,

You can give Lepton's Crack a try. Depending on the algorithm you need, you'll need either the main branch from http://usuarios.lycos.es/reinob/ or Piero Brunati's version from http://www.nestonline.com/lcrack/.

Both versions support defining min/max pw length and charset, and they also have a very powerful REGEX mode.

Lepton's Crack currently doesn't generate or support rainbow tables, but it comes with a small utility to produce precomputed "tables" that are a slightly similar concept...

Cheers,
Miguel

-----Original Message-----
From: Chris Costantino [mailto:clckct () yahoo com]
Sent: 01 December 2005 17:50
To: pen-test () securityfocus com
Subject: policy-based password cracker

Hi all,

I am looking for a brute-force password cracker that can be configured based on password policies. For example, I am trying to audit a system that I know the security policy on (min/max pw length, complexity rules, etc.). What I want is to only brute-force passwords that fit that policy. Obviously, min and max is not the issue, but I cannot seem to find anything that will only test passwords that meet complexity requirements (lowercase alpha, uppercase alpha, number).

Something that generates this into a rainbow table would be even better.....

Anyone aware of such a tool?

Thanks in advance,
Chris

Miguel Dilaj
Pen Test Consultant
NCC Group
Manchester Technology Centre, Oxford Road, Manchester, M1 7EF
Tel: +44 (0)161 209 5459
Mobile: +44 (0)7811 352 848
Fax: +44 (0)161 209 5400
eMail: Miguel.Dilaj () nccgroup com
website: www.nccgroup.com
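An added illustration, not part of the original thread or of any tool named in it: the Python below counts how many candidates satisfy the policy described in the question (at least one lowercase letter, one uppercase letter and one digit) for a given length range, using inclusion-exclusion. The character sets and the function names `compliant_count` and `policy_keyspace` are assumptions made for this example.

```python
from itertools import combinations

# Character classes from the policy in the question (assumed ASCII sets).
CLASSES = {
    "lower": "abcdefghijklmnopqrstuvwxyz",
    "upper": "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
    "digit": "0123456789",
}

def compliant_count(length, classes=CLASSES):
    """Count strings of `length` over the union of `classes` that
    contain at least one character from every class."""
    sizes = [len(set(chars)) for chars in classes.values()]
    alphabet = sum(sizes)  # classes are assumed to be disjoint
    count = 0
    # Inclusion-exclusion over which classes are entirely absent.
    for k in range(len(sizes) + 1):
        for missing in combinations(sizes, k):
            remaining = alphabet - sum(missing)
            count += (-1) ** k * remaining ** length
    return count

def policy_keyspace(min_len, max_len, classes=CLASSES):
    """Return (compliant, unrestricted) candidate counts for a length range."""
    alphabet = sum(len(set(c)) for c in classes.values())
    lengths = range(min_len, max_len + 1)
    compliant = sum(compliant_count(n, classes) for n in lengths)
    unrestricted = sum(alphabet ** n for n in lengths)
    return compliant, unrestricted

if __name__ == "__main__":
    # Constructed sample policies: (min length, max length).
    for lo, hi in [(6, 6), (8, 8), (6, 8)]:
        ok, total = policy_keyspace(lo, hi)
        print(f"len {lo}-{hi}: {ok} of {total} comply ({ok / total:.1%})")
```

At length 8 the three-class requirement leaves roughly 73% of the 62-character keyspace, so the complexity rule by itself excludes only about a quarter of the candidates.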