[TOOL] Cisilia, Cluster Based Password Brute Forcer

From: support@securiteam.com
Date: 02/10/03

  • Next message: support@securiteam.com: "[NEWS] Yet another Plaintext Attack on ZIP's Encryption Scheme (WinZIP)" 
    From: support@securiteam.com
To: list@securiteam.com
Date: 10 Feb 2003 13:09:39 +0200

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    Beyond Security would like to welcome Tiscali World Online
    to our service provider team.
    For more info on their service offering IP-Secure,
    please visit http://www.worldonline.co.za/services/work_ip.asp
    - - - - - - - - -

      Cisilia, Cluster Based Password Brute Forcer
    ------------------------------------------------------------------------

    DETAILS

     <http://www.cisiar.org/proyectos/cisilia/home_en.php> Cisilia is a
    mutli-process password cracking system.

    Tool objectives:
    The main objective of this project is to test and evaluate a number of
    password cracking brute-force methods. This led Cisiar to define two
    secondary ones:
    A) The building of a PC cluster which allows high speed computing and
    B) The design of a cluster based password-cracking application.

    Although there are some very efficient password cracking systems published
    (i.e.: l0phtcrack, john the ripper, etc.) Cisiar decided to develop a
    cluster-aware cracking system.

    Cisilia:
    Cisilia is a multi-process password cracking system. The current version
    of Cisilia (0.7.3) recovers Windows NT/2000/XP and Samba user account
    passwords computing DES/MD4 password hashes. Though Cisilia includes a
    dictionary based password recovery algorithm, the main goal of this system
    is to perform parallel-brute-force attacks. This is why it is designed as
    a multi-process parallel system with the ability to run in multiprocessor
    (SMP) or load-balancing cluster systems. Cisilia divides the password
    ranges among sub-processes and then creates the "n" child processes
    themselves. If Cisilia is executed on a load-balancing cluster, the
    different child processes are migrated to the other nodes increasing the
    computational speed. Cisilia includes a flexible character feeding
    mechanism that will be used to test different character sets (alphabets)
    in order to accelerate the password recovery task.

    ADDITIONAL INFORMATION

    The tool can be downloaded from:
     <http://www.cisiar.org/proyectos/cisilia/home_en.php>
    http://www.cisiar.org/proyectos/cisilia/home_en.php

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.