Penetration Testing mailing list archives

RE: Rainbow Tables

From: "Tony Stark" <stark192 () hotmail com>
Date: Thu, 09 Feb 2006 08:26:42 -0500


Hello Jeff,

Exactly what I am shooting for, that is what I am trying to do but findingthe pieces are sometimes difficult, thus my e-mail, since it looks like LC5wont be around any longer I dont see many (easy to find) pre-computedtables that work with LC5. But it looks like I came to the right place toask!

Once I get this project completed I am going to lay out a plan, baselines,etc.. using the open source software so management knows how much quicker wecan get this work completed.


Thx,

Tony

From: Flory Jeffrey D Ctr 59 MDSS/MSISI<Jeffrey.Flory2.ctr () lackland af mil>

To: "T.Dudek" <duderik () gmail com>, ROB DIXON <RDIXON () workforcewv org>
CC: stark192 () hotmail com, pen-test () securityfocus com
Subject: RE: Rainbow Tables
Date: Wed, 8 Feb 2006 13:22:21 -0600

I have many tools within my aresenal that I maintain in order for me to do
my daily tasks and duties protecting my network.  I will test any tool that
I think I can benefit from, once tested, I will brief the powers that be,
and proceed to utilize my new found toy.

I have downloaded and updated my LC5 so many times using various
dictionaries, hashes, etc in order to keep the personnel where I work in
compliance with all my directive policies.

Jeff
Gate Keeper

-----Original Message-----
From: T.Dudek [mailto:duderik () gmail com]
Sent: Wednesday, February 08, 2006 8:34 AM
To: ROB DIXON
Cc: stark192 () hotmail com; pen-test () securityfocus com
Subject: Re: Rainbow Tables

One word: "pirated software".
ok, so it's two words ;-)

I've seen enough cases where the evildoers were using lophtcrack or the
various commercial software/hardware keystroke loggers that you can buy.
Most of the time it's pirated stuff, but why not use the best you can

get/steal when you're a criminal? I'd say the "others" should be informedof

both risks, and need to be reminded that "most likely" does not really mean
anything. I wouldn't step on a plane that would "most likely" not crash..


On 2/7/06, ROB DIXON <RDIXON () workforcewv org> wrote:
> Hey Tony,
>
>    The "others" should be informed that the malicious attacker is most
> likely to NOT use "commercial" products.
>
> And that for a true benchmark, maybe use the products that a malicious
> attacker would use. Most of which will probably be open source or free
> at the least. That is assuming that they are not writing their own
> software. ;) I guess I'm asking, how do you justify "not" using free
> products?
>
> You can buy pre-computated rainbow tables, but there are different
> rainbowtables for different types of hashes. Example: ntlm, ntlmv2,
> sha1 , md5, etc.

----------------------------------------------------------------------------
--
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,

login pages, dynamic content etc. Firewalls, SSL and locked-down serversare


futile against web application hacking. Check your website for
vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers
do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
----------------------------------------------------------------------------
---


_________________________________________________________________

Dont just search. Find. Check out the new MSN Search!http://search.msn.click-url.com/go/onm00200636ave/direct/01/



------------------------------------------------------------------------------

Audit your website security with Acunetix Web Vulnerability Scanner:Hackers are concentrating their efforts on attacking applications on yourwebsite. Up to 75% of cyber attacks are launched on shopping carts, forms,login pages, dynamic content etc. Firewalls, SSL and locked-down servers arefutile against web application hacking. Check your website for vulnerabilitiesto SQL injection, Cross site scripting and other web attacks before hackers do!Download Trial at:


http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

Current thread:

Re: Rainbow Tables, (continued)
- Re: Rainbow Tables ROB DIXON (Feb 07)
  - Re: Rainbow Tables Max Ashton (Feb 08)
  - Re: Rainbow Tables T.Dudek (Feb 08)
  - RE: Rainbow Tables Boogiebruva (Feb 08)
- RE: Rainbow Tables Craig Wright (Feb 07)
  - RE: Rainbow Tables Terry Vernon (Feb 08)
- RE: Rainbow Tables ROB DIXON (Feb 08)
- RE: Rainbow Tables Arley Barros Leal (Feb 08)
- Re: Rainbow Tables ROB DIXON (Feb 08)
- RE: Rainbow Tables Flory Jeffrey D Ctr 59 MDSS/MSISI (Feb 08)
  - RE: Rainbow Tables Tony Stark (Feb 09)
- RE: Rainbow Tables Flory Jeffrey D Ctr 59 MDSS/MSISI (Feb 09)
  - Re: Rainbow Tables DokFLeed (Feb 09)
- Re: Rainbow Tables jalvare7 (Feb 09)
  - Re: Rainbow Tables Tony Stark (Feb 09)
- RE: Rainbow Tables Simpson, Brett (Feb 09)
- RE: Rainbow Tables Tom Brennan (Feb 09)
- RE: Rainbow Tables Simpson, Brett (Feb 10)
  - RE: Rainbow Tables Tony Stark (Feb 09)
- RE: Rainbow Tables Stark192 (Feb 12)
  - Re: Rainbow Tables Nicolas RUFF (Feb 15)

(Thread continues...)