Re: Rainbow Tables




That was the first thing I tried, placed the cracked passwords into a file and added it to the password list in LC5, removed the other lists just to make sure it was working but it didn't make any difference, it was like the dictionary attack didn't see the numbers or characters. I tested it a few different ways and there was no change in the completion time.

Seems totally logical that it would work but each time I tried it I came up with the dictionary attack taking the same amount of time to complete.

Tony


From: jalvare7@xxxxxxxxxxx
To: "Tony Stark" <stark192@xxxxxxxxxxx>
CC: pen-test@xxxxxxxxxxxxxxxxx
Subject: Re: Rainbow Tables
Date: Thu, 9 Feb 2006 18:20:24 +0100

I understand that you have an assignment and so you are compelled to do
that. But, wouldn't it be easier to create a dictionary with the passwords
in clear text? In fact I believe LC5 can create a dictionary with the
result of a session.

Regards





"Tony Stark" <stark192@xxxxxxxxxxx>

09/02/2006 14:19


To: pen-test@xxxxxxxxxxxxxxxxx
cc: (bcc: Juan Alvarez Ferrando/Auditoria Informatica/EXTERNOS CAJASTUR)
Subject: Re: Rainbow Tables



Thank you all for the great suggestions! I now have some great resources
from where I can pull the info I need.

Now, I've got a good one for you which may be a challenge to come up with a
solution.

I have now been tasked to take a list of passwords and try to generate a
precomputed hash table out of those passwords...not sure if this can be done
but of course I have to find a way..since I am "holding up a project".

Reason for this...the idea is that if we take the current list of passwords
create a pre-computed hash table the next time we audit we'd run LC5 (till I
convince them otherwise) and all but the passwords that changed and new
accounts would get knocked out right away.

Does anyone have a hint as to how I should do this? Is there a way to take
the hashes and the cracked clear text and merge them into a table?

What is the best application for creating pre-computed hash tables, that
will work with LC5?

Thanks again for your help and the great suggestions!!

Tony
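
On the question of merging the hashes and the cracked clear text into a table: the following is an added example, not part of the original thread and not an LC5 feature. It joins a previous audit's LM hashes with the recovered cleartext into a per-half lookup table and uses it to sort the next audit's dump; it assumes the audit targets unsalted LM hashes, and the dump layout, account names and hex values are constructed for illustration.

```python
LM_EMPTY_HALF = "AAD3B435B51404EE"  # LM hash of an empty 7-character half

def build_table(old_dump, cracked):
    """Map each 16-hex LM half to the 7-character piece that produced it.

    old_dump: {account: 32-hex LM hash}; cracked: {account: cleartext}.
    LM upper-cases the password and hashes each 7-character half on its own,
    with no salt, so a half seen once identifies that piece on any account.
    """
    table = {LM_EMPTY_HALF: ""}
    for account, lm_hash in old_dump.items():
        plain = cracked.get(account)
        if plain is None or len(plain) > 14 or len(lm_hash) != 32:
            continue  # not cracked, or not representable as an LM hash
        plain, lm_hash = plain.upper(), lm_hash.upper()
        table[lm_hash[:16]] = plain[:7]
        table[lm_hash[16:]] = plain[7:]
    return table

def triage(new_dump, table):
    """Split the next audit into already-known passwords and the remainder."""
    known, remaining = {}, {}
    for account, lm_hash in new_dump.items():
        lm_hash = lm_hash.upper()
        halves = (table.get(lm_hash[:16]), table.get(lm_hash[16:]))
        if None in halves:
            remaining[account] = lm_hash  # changed password or new account
        else:
            known[account] = halves[0] + halves[1]  # case is lost under LM
    return known, remaining

# Constructed sample data: placeholder hex strings, not real LM hashes.
OLD_DUMP = {
    "alice": "1111111111111111" + LM_EMPTY_HALF,
    "bob":   "2222222222222222" + "3333333333333333",
    "carol": "4444444444444444" + LM_EMPTY_HALF,   # never cracked
}
CRACKED = {"alice": "Summer1", "bob": "Winter2006!"}
NEW_DUMP = {
    "alice": "1111111111111111" + LM_EMPTY_HALF,           # unchanged
    "bob":   "5555555555555555" + "3333333333333333",      # first half changed
    "carol": "4444444444444444" + LM_EMPTY_HALF,
    "dave":  "2222222222222222" + LM_EMPTY_HALF,           # new, reuses a known half
}

if __name__ == "__main__":
    known, remaining = triage(NEW_DUMP, build_table(OLD_DUMP, CRACKED))
    print("already known:", known)
    print("still to audit:", sorted(remaining))
```

Only the accounts left in `remaining` need a fresh audit run; any account that appears in `known` is carrying a password that was already recovered last time.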
