[TOOL] MHW, Macintosh Hacker's Workshop

From: support@securiteam.com
Date: 12/13/01 

From: support@securiteam.com
To: list@securiteam.com
Date: Thu, 13 Dec 2001 08:35:38 +0100 (CET)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  MHW, Macintosh Hacker's Workshop
------------------------------------------------------------------------

DETAILS

MHW is the first tool in an upcoming suite of software. This software will
allow you to check the strength of OS X passwords on OSX server or
personal workstation or any other DES encrypted password files.

MHW consists of four tools:
1) Generator: A fast passwords list generator. It is capable of generating
an 81 million word dictionary (85655680 characters) in less than 27 sec.

2) Gecos-Read: A simple module that parses a standard UNIX passwd file and
extracts structured information from it.

3) Wordlist Cleaner: A dictionary cleaner, it allows to remove duplicated
entries or even select a simple text file to create a dictionary

4) Cracker: The fastest password cracker ever made on MacOS with many
features such as session recovery, three levels of CPU usage.
Two types of attacks are possible: brute force and dictionary. The cracker
is able to read wordlists up to 2 GB.

The cracker runs at the speed of 27221 passwords/second on PowerBook G4 on
OS X and 66415 passwords/second on dual G4 800mhz on OS 9.2.

MHW is dedicated to any users or administrators who want to check the
resistance of their password OSX or any other system using DES encryption.

MHW is the fastest ever made and the first password cracker created for OS
9 and OS X in a single version. This version includes in "goodies" the
source code for an exploit known as ³malvolence² (dump passwd to a text
file).

ADDITIONAL INFORMATION

MHW 1.1 is available for download from:
 <http://grungie.code511.com/MHW_1.1_Release.sit.bin>
http://grungie.code511.com/MHW_1.1_Release.sit.bin

The information has been provided by <mailto:adf@code511.com>
deepquest---Code511.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.