RE: [Full-Disclosure] commerical rainbow crack?

From: Ian Latter (Ian.Latter_at_mq.edu.au)
Date: 03/23/04

  • Next message: Hugh Mann: "[Full-Disclosure] Think of the buffers! Won't somebody think of the buffers?!" 
    To: "Richard Stevens" <richard@tccnet.co.uk>
Date: Tue, 23 Mar 2004 18:11:59 +1000

    Hello Richard,

      I haven't read the whole thread yet, but if this is what you came
    to, then there are a couple of other options;

       plJohn
         http://www.hick.org/~johnycsh/code/

      CHAOS
         http://itsecurity.mq.edu.au/chaos/

      plJohn is a perl wrapper for piping one dictionary combo out
    into a swarm of JtR crackers (for an openMosix cluster primarily).
    And then CHAOS is a bootable CD implementation of openMosix with
    "forkjohn" - a binary version of plJohn that I implemented - to
    do the same thing. Take your closest computer lab and dedicate
    the whole thing to the process, and you'll have an audit outcome in
    no time (exactly what I built CHAOS in the first place).

      The advantage of this type of usage of JtR, versus systems like
    djohn (and a couple of others) is that your don't need to modify the
    JtR executable itself -- just pipe what you need around (you could
    prolly use your imagination with netcat and get away with using it
    without a cluster, if you're looking at something simpler).

      The irony of ironies .. is that *the* password that I wanted to
    audit; I still haven't established the hash-type for, so the primary
    purpose has really become moot.

    NB:

      If you're going to end up brute forcing the password, rather than
    dictionary-attacking it, then consider Cisilia also;
        http://www.cisiar.org/proyectos/cisilia/home_en.php

    ----- Original Message -----
    >From: "Richard Stevens" <richard@tccnet.co.uk>
    >To: <full-disclosure@lists.netsys.com>
    >Subject: RE: [Full-Disclosure] commerical rainbow crack?
    >Date: Mon, 22 Mar 2004 21:28:12 -0000
    >
    > thanks to all for the input., looks like john it is, with a little more patience :)
    >
    > out of interest, anyone think a distributed project using john would be useful? something
    like the SETI screen saver thing...
    >
    >
    >
    >
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html
    > 

    --
Ian Latter
Internet and Networking Security Officer
Macquarie University
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
  • Next message: Hugh Mann: "[Full-Disclosure] Think of the buffers! Won't somebody think of the buffers?!"
    • Quantcast