RE: Password "security" - was"Passwords with Lan Manager (LM) under Windows" and "Whitespace in passwords"

From: Miguel Dilaj (mdilaj_at_nccglobal.com)
Date: 09/26/05

    To: <pen-test@securityfocus.com>
    Date: Mon, 26 Sep 2005 15:28:14 +0100
    
    

    Hi Dave,

    Lepton's Crack can, for sure. I dunno if the version with non-printable
    characters is 20040914 or 20040916 (the latter is not online, I'm afraid, I
    have it on a CD somewhere).
    Just had a look at the CHANGES file:

            20040914/
            - Added support for any ASCII character (ie. also non-printable) in
              the charset and regex definition, via \0(octal), \x(hex), \(decimal)

    Do a Google search for

            password cracker "non printable" characters

    And have fun collating the results.
    Cheers,

    Miguel

    -----Original Message-----
    From: dave kleiman [mailto:dave@isecureu.com]
    Sent: 26 September 2005 15:00
    To: 'Miguel Dilaj'
    Cc: pen-test@securityfocus.com
    Subject: RE: Password "security" - was"Passwords with Lan Manager (LM) under
    Windows" and "Whitespace in passwords"

    >
    > Regarding "Whitespace in passwords", and as some people already
    > mentioned, modern password cracking software (both commercial and
    > free) can find non-printable chars, so space or ALT-whatever are going
    > to be found anyway. Rainbow tables now tend to include space, but I
    > still haven't heard of anyone producing a table for 0x00-0xff
    > (0x0000-0xffff if you use extended unicode chars ;-)
    > Applications CAN be broken by using strange characters, so YMMV.
    >

    Can you provide a list of those that have that ability? I will gladly test
    them.

    The most popular ones cannot, i.e. L0pht, Cain, etc. See:
    http://www.securityfocus.com/archive/88/312263

    Dave


