Vulnerability Development mailing list archives
Re: Password Cracking Challenge...
From: Cesar <cesarc56 () yahoo com>
Date: Fri, 1 Aug 2003 08:20:48 -0700 (PDT)
What kind of application it is? If it's a Windows application then you can look for Application ActiveXs, COM dlls and maybe found the ones that do the password hashing and then you can use them to crack the passwords. Cesar. --- Ronish Mehta <sf_mail_sbm () yahoo com> wrote:
--- David Schwartz <davids () webmaster com> wrote:Two things: 1) You should have hashed a few of the shortest possible passwords, like 'a' and 'b' if the program would allow you to. At minimum, you should have hased passwords that are much more similar, like 'foo0' and 'foo1', or ideally '0' and '1'. You have no passwords that differ by only one character.Application does not allow to put smaller passwords Password0 - D5FBB0C7C20D9CE79D3B837BD6FB3505 Password3 - D5FBB0C7C20D9CE7B872B3A0BD587B8D Password4 - D5FBB0C7C20D9CE7BE369511C82DD666 Password5 - D5FBB0C7C20D9CE75B475FA1726B48702) You need to tell people what it is they're working on. If we're going to help you compromise the security of something, we need to know what it is. You don't mention whether this is an algorithm you constructed just for this challenge or whether it's a real algorithm.This is a real algorithm. It is used in a small application used at the company I work for, I posted this because i need to make a password audit for weak passwords, I have full access to the database this is how i get access to the hashes! We do not have access to the source code, so i can;t figure out the algorithm __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com
__________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com
Current thread:
- Re: Password Cracking Challenge... Cesar (Aug 01)