Penetration Testing mailing list archives
Re: Rainbow Tables
From: "DokFLeed" <dokfleed () dokfleed net>
Date: Thu, 9 Feb 2006 14:12:49 +0400
on a side note, Did anyone ever get a rainbow table working on NTLM ?----- Original Message ----- From: "Flory Jeffrey D Ctr 59 MDSS/MSISI" <Jeffrey.Flory2.ctr () lackland af mil> To: "Terry Vernon" <tvernon24 () comcast net>; "'Craig Wright'" <cwright () bdosyd com au>; "'ROB DIXON'" <RDIXON () workforcewv org>
Cc: <pen-test () securityfocus com> Sent: Wednesday, February 08, 2006 11:25 PM Subject: RE: Rainbow Tables
I agree, trial version never have really proven what the product will do since you cannot utilize most of almost all the functions that a fullversion offers. I personally will download freeware or shareware first and test it out. Like you I find it to be worthless, I trash it. If I like the tool and its functionality, I will keep it and try to boost its performance,if possible. Jeff -----Original Message----- From: Terry Vernon [mailto:tvernon24 () comcast net] Sent: Wednesday, February 08, 2006 1:34 AM To: 'Craig Wright'; 'ROB DIXON' Cc: pen-test () securityfocus com Subject: RE: Rainbow Tables I agree, back in my not so nice and legal days I had everything commercialyou could think of and used it to do some not so nice and legal things. Someof it I did find useful enough to pay for while the majority being crap. This was pre 2000. Like everyone else I don't like buying a car before Idrive it so-to-speak. Sadly not enough vendors offer full featured versionsas trial demos. -Terry (I know EVERYONE on this list has at least one cracked thing installed at home/work ;) ) -----Original Message----- From: Craig Wright [mailto:cwright () bdosyd com au] Sent: Tuesday, February 07, 2006 9:07 PM To: ROB DIXON Cc: pen-test () securityfocus com Subject: RE: Rainbow TablesPlease explain 'WHY' a "malicious attacker" is NOT likely to use commercialproducts. In the real world attackers use "commercial products" all the time - from script kiddies up. There are numerous Warez and Crack sites distributing commercial software. There is a clear distinction from having to legallyobtain software and using a cracked version, but this has nothing to do withuse. If you are breaking the law by scanning, it is not likely that copyright laws will hinder you.There are far more LC5 installs than have been sold. Further, the commercialproducts are oft easier - thus attracting more people to use them. Craig -----Original Message----- From: ROB DIXON [mailto:RDIXON () workforcewv org] Sent: 8 February 2006 5:04 To: stark192 () hotmail com; pen-test () securityfocus com Subject: Re: Rainbow Tables Hey Tony, The "others" should be informed that the malicious attacker is most likely to NOT use "commercial" products. And that for a true benchmark, maybe use the products that a malicious attacker would use. Most of which will probably be open source or free atthe least. That is assuming that they are not writing their own software. ;)I guess I'm asking, how do you justify "not" using free products? You can buy pre-computated rainbow tables, but there are different rainbowtables for different types of hashes. Example: ntlm, ntlmv2, sha1 , md5, etc. cheers, New Guy Robert L. Dixon, CSO CHFI A+ State of West Virginia's West VIriginia Office of Techonology Infrastructure Applications Netware/GroupWise Administrator Telephone: (304)-558-5472 ex.4225 Email:rdixon () workforcewv org<stark192 () hotmail com> >>>Hello, Trying to crack our password list at work, it's a long story, but it hasbeen put on a higher priority. I've been looking for some good pre-computed hash tables, like Rainbow tables, that will work with LC5. Does anyone havea source? I'd like to use RainbowCrack but others want to stick to commercial products. Thanks, Tony ------------------------------------------------------------------------ ------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms,login pages, dynamic content etc. Firewalls, SSL and locked-down servers arefutile against web application hacking. Check your website forvulnerabilities to SQL injection, Cross site scripting and other web attacksbefore hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ------------------------------------------------------------------------ ------- ------------------------------------------------------------------------ ------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms,login pages, dynamic content etc. Firewalls, SSL and locked-down servers arefutile against web application hacking. Check your website forvulnerabilities to SQL injection, Cross site scripting and other web attacksbefore hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ------------------------------------------------------------------------ ------- Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within those States and Territories of Australia where such legislation exists. DISCLAIMERThe information contained in this email and any attachments is confidential.If you are not the intended recipient, you must not use or disclose the information. If you have received this email in error, please inform uspromptly by reply email or by telephoning +61 2 9286 5555. Please delete theemail and destroy any printed copy.Any views expressed in this message are those of the individual sender. Youmay not rely on this message as advice unless it has been electronicallysigned by a Partner of BDO or it is subsequently confirmed by letter or faxsigned by a Partner of BDO. BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, interception, corruption or unauthorised access. ---------------------------------------------------------------------------- -- Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms,login pages, dynamic content etc. Firewalls, SSL and locked-down servers arefutile against web application hacking. Check your website for vulnerabilitiesto SQL injection, Cross site scripting and other web attacks before hackersdo! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ---------------------------------------------------------------------------- --- ---------------------------------------------------------------------------- -- Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms,login pages, dynamic content etc. Firewalls, SSL and locked-down servers arefutile against web application hacking. Check your website for vulnerabilitiesto SQL injection, Cross site scripting and other web attacks before hackersdo! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ---------------------------------------------------------------------------- --- ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms,login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do!Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
------------------------------------------------------------------------------Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Re: Rainbow Tables, (continued)
- Re: Rainbow Tables T.Dudek (Feb 08)
- RE: Rainbow Tables Boogiebruva (Feb 08)
- RE: Rainbow Tables Craig Wright (Feb 07)
- RE: Rainbow Tables Terry Vernon (Feb 08)
- RE: Rainbow Tables ROB DIXON (Feb 08)
- RE: Rainbow Tables Arley Barros Leal (Feb 08)
- Re: Rainbow Tables ROB DIXON (Feb 08)
- RE: Rainbow Tables Flory Jeffrey D Ctr 59 MDSS/MSISI (Feb 08)
- RE: Rainbow Tables Tony Stark (Feb 09)
- RE: Rainbow Tables Flory Jeffrey D Ctr 59 MDSS/MSISI (Feb 09)
- Re: Rainbow Tables DokFLeed (Feb 09)
- Re: Rainbow Tables jalvare7 (Feb 09)
- Re: Rainbow Tables Tony Stark (Feb 09)
- RE: Rainbow Tables Simpson, Brett (Feb 09)
- RE: Rainbow Tables Tom Brennan (Feb 09)
- RE: Rainbow Tables Simpson, Brett (Feb 10)
- RE: Rainbow Tables Tony Stark (Feb 09)
- RE: Rainbow Tables Stark192 (Feb 12)
- Re: Rainbow Tables Nicolas RUFF (Feb 15)
- Re: Rainbow Tables Tony Stark (Feb 16)
- Re: Rainbow Tables Tony Stark (Feb 17)
- Re: Rainbow Tables Nicolas RUFF (Feb 15)