Penetration Testing mailing list archives

Re: policy-based password cracker

From: David Cravshaw <david.cravshaw () gmail com>
Date: Fri, 2 Dec 2005 09:56:21 -0600

Rainbowcrack supports customized charsets, so you can easily create
your own character set and place it in the charset.txt file.

custom = [abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]

(It's useful to note that if you're cracking LANMAN hashes, the
charset only needs to include uppercase alpha and not lowercase due to
how LM hashes are stored...)

Cain (http://www.oxid.it) can be configured to use a customized
character set for brute-force attacks and might even be a little bit
easier to use than John the Ripper...

On 12/1/05, Chris Costantino <clckct () yahoo com> wrote:

Hi all,

I am looking for a brute-force password cracker that
can be configured based on password policies.  For
example, I am trying to audit a system that I know the
security policy on (min/max pw length, complexity
rules, etc)  What I want is to only brute-force
passwords that fit that policy.  Obviously, min and
max is not the issue, but I can not seem to find
anything that will only test passwords that meet
complexity requirements (lowercase alpha, uppercase
alpha, number).  Something that generates this into a
rainbow table would be even better.....

Anyone aware of such a tool?

Thanks in advance,
Chris



__________________________________________
Yahoo! DSL – Something to write home about.
Just $16.99/mo. or less.
dsl.yahoo.com


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

Current thread:

policy-based password cracker Chris Costantino (Dec 01)
- Re: policy-based password cracker Rembrandt (Dec 01)
- Re: policy-based password cracker thomas springer (Dec 02)
- Re: policy-based password cracker Thierry Zoller (Dec 02)
- Re: policy-based password cracker David Cravshaw (Dec 03)
- RE: policy-based password cracker Password Crackers, Inc. (Dec 03)
- <Possible follow-ups>
- RE: policy-based password cracker Miguel Dilaj (Dec 03)
- RE: policy-based password cracker Shenk, Jerry A (Dec 04)