RE: Craking Serv-u passwords stored in .ini file.

From: Altheide, Cory B. (IARC) (AltheideC@nv.doe.gov)
Date: Thu Sep 02 2004 - 13:35:45 EDT

• Next message: tclahr@br.ibm.com: "Web direcroty and files browser"
• Previous message: Chris Brenton: "Re: Tool to find hidden web proxy server"
• Maybe in reply to: [Arcangel]: "Craking Serv-u passwords stored in .ini file."
• Next in thread: Ferruh Mavituna: "RE: Craking Serv-u passwords stored in .ini file."
• Reply: Ferruh Mavituna: "RE: Craking Serv-u passwords stored in .ini file."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

> -----Original Message-----
> From: Jérôme ATHIAS [mailto:jerome.athias@caramail.com]
> Sent: Wednesday, September 01, 2004 12:11 PM
> To: pen-test@securityfocus.com
> Subject: Re: Craking Serv-u passwords stored in .ini file.
>
> >i believe that is an md5 hash. there is a free service for cracking
> >md5 = hashes that uses tables at http://passcracking.com
> >
> >peas audi
> >
> >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> I believe this url will only crack LM hashes of Windows
> passwords up to 14 characters using Rainbow Tables...
>
> I think it's quite different from MD5...
>

That's odd, because right at the top of the page, it says "MD5 ONLINE
CRACKING." Also, the title of the page is "MD5 CRACK." Furthermore, the
about section has clues like "This project is dedicated to crack md5 hashes
online through web interface" and "At the moment we can crack md5 hashes in
this character range: a-z;0-9 [8] which means we can break almost all hashes
(99.56%) which are created from lowercase plaintext with letters and/or
digits up to length of 8 characters."

In fact, Windows LM hashes aren't mentioned at all.

I'm fairly certain that this URL will only crack MD5 hashes* and won't do
much of anything useful with Lanman hashes.

Cory Altheide
Senior Network Forensics Specialist
NNSA Information Assurance Response Center (IARC)
altheidec@nv.doe.gov

*unsalted

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------

• Next message: tclahr@br.ibm.com: "Web direcroty and files browser"
• Previous message: Chris Brenton: "Re: Tool to find hidden web proxy server"
• Maybe in reply to: [Arcangel]: "Craking Serv-u passwords stored in .ini file."
• Next in thread: Ferruh Mavituna: "RE: Craking Serv-u passwords stored in .ini file."
• Reply: Ferruh Mavituna: "RE: Craking Serv-u passwords stored in .ini file."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:03 EDT