Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Rainbow Tables

From: "Tony Stark" <stark192 () hotmail com>
Date: Thu, 09 Feb 2006 13:57:14 -0500
That was the first thing I tried, placed the cracked passwords into a file and added it to the password list in LC5, removed the other lists just to make sure it was working but it didn't make any difference, it was like the dictionary attack didn't see the numbers or characters. I tested it a few different ways and there was not change in the completion time.
Seems totally logical that it would work but each time I tried it I came up with the dictionary attack taking the same amount of time to complete.. 

Tony



From: jalvare7 () cajastur es
To: "Tony Stark" <stark192 () hotmail com>
CC: pen-test () securityfocus com
Subject: Re: Rainbow Tables
Date: Thu, 9 Feb 2006 18:20:24 +0100

I understand that you have an assignment and so you are compelled to do
that. But, wouldn't it be easier to create a diccionary with the passwords
in clar text?. In fact I believe LC5 can create a diccionary with the
result of a session.

Regards





"Tony Stark" <stark192 () hotmail com>

09/02/2006 14:19


        Para:   pen-test () securityfocus com
cc: (cco: Juan Alvarez Ferrando/Auditoria Informatica/EXTERNOS CAJASTUR) 
        Asunto: Re: Rainbow Tables



Thank you all for the great suggestions! I now have some great resourses
from where I can pull the info I need.


Now, I've got a good one for you which may be a challange to come up with
a
solution.

I have now been tasked to take a list of passwords and try to generate a
precomputed hash table out of those passwords...not sure if this can be
done
but of course I have to find a way..since I am "holding up a project".

Reason for this...the idea is that if we take the current list of
passwords
create a pre-computed hash table the next time we audit we'd run LC5 (till
I
convense them otehrwise) and all but the passwords that changed and new
accounts would get knocked out right away.

Does anyone have a hint as to how I should do this? Is there a way to take

the hashes and the cracked clear text and merge them into a table?

What is the best application foir creating pre-computed hash tables, that
will work with LC5?

Thanks again for your help and the great suggestions!!

Tony

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE!

http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,

login pages, dynamic content etc. Firewalls, SSL and locked-down servers
are
futile against web application hacking. Check your website for
vulnerabilities
to SQL injection, Cross site scripting and other web attacks before
hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------






_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ 


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: 

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: