RE: Etc/shadow file and john

["Clement Dupuis" <cdupuis () cccure org>]

I agree Rainbow Tables can greatly speed up the process.

However, it might take you a long time to generate them.  I spend 68 days
generating mine and then I found out about http://www.rainbowtables.net
These guys have the tables for sale, at the price they sell them, it was not
worth spending 68 days processing mine.

Rainbow tables are very fast, really worth a try.

Clement


Clément Dupuis, CD
President/Security Evangelist/Chief Learning Officer (CLO)
CCCure Enterprise Security & Training Inc.
CISSP, GCFW, GCIA, Security+, CEH, CCSA, MBNS, MBIS, MBHS, CCSE, ACE

Maintainer of :

The CISSP and SSCP Open Study Guides Web Site
http://www.cccure.org      

The Professional Security Testers Warehouse
http://www.professionalsecuritytesters.org    
  

> -----Original Message-----
> From: Leandro Reox [mailto:lmet5on () fibertel com ar]
> Sent: Wednesday, July 27, 2005 10:45 PM
> To: 'Sherwyn Williams'; pen-test () securityfocus com
> Subject: RE: Etc/shadow file and john
>
> An effective method to get passwords is to pass them trough specific
> generated rainbow tables with a tool like CAIN.
> Is this hash encrypted with md5 or another known hashing algorithm ?
>
> Cheers
>
> --
> Leandro Reox
> http://www.securearg.net/ Secure from the source
> -----Original Message-----
> From: Sherwyn Williams [mailto:sherwill22 () tmail com]
> Sent: Wednesday, July 27, 2005 1:57 PM
> To: pen-test () securityfocus com
> Subject: Etc/shadow file and john
>
> I am doing an assesment for passwords on a network, after getting the
> password file I piped the output to a text file, tried to run that
> against John and can't get any luck with the program. Do anyone here
> uses any other password programs, and is there a better format than a
> text file to store the out of the etc/shadow when trying to get the
> passes.
> Sherwyn Williams
> Technical Consultant
> Sherwill22 () tmail com