RE: Craking Serv-u passwords stored in .ini file.

From: Ferruh Mavituna (ferruh@mavituna.com)
Date: Thu Sep 02 2004 - 14:31:58 EDT


www.passcracking.com is for MD5 hashes.

Also there are some similar projects;
http://nz.md5.crysm.net/ (MD5)
http://sarcaprj.wayreth.eu.org/index.php (NT LM)
http://www.rootsecure.net/crypttmt/ (Closed!)
http://www.securitystats.com/tools/hashcrack.php (MD5 - SHA1 - NT - LANMAN -
NT4)

Ferruh Mavituna
http://ferruh.mavituna.com
PGP Key: http://ferruh.mavituna.com/pgpkey.asc

> -----Original Message-----
> From: Altheide, Cory B. (IARC) [mailto:AltheideC@nv.doe.gov]
> Sent: Thursday, September 02, 2004 8:36 PM
> To: 'Jérôme ATHIAS'; pen-test@securityfocus.com
> Subject: RE: Craking Serv-u passwords stored in .ini file.
>
> > -----Original Message-----
> > From: Jérôme ATHIAS [mailto:jerome.athias@caramail.com]
> > Sent: Wednesday, September 01, 2004 12:11 PM
> > To: pen-test@securityfocus.com
> > Subject: Re: Craking Serv-u passwords stored in .ini file.
> >
> > >i believe that is an md5 hash. there is a free service for cracking
> > >md5 = hashes that uses tables at http://passcracking.com
> > >
> > >peas audi
> > >
> > >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >
> > I believe this url will only crack LM hashes of Windows
> > passwords up to 14 characters using Rainbow Tables...
> >
> > I think it's quite different from MD5...
> >
>
> That's odd, because right at the top of the page, it says "MD5 ONLINE
> CRACKING." Also, the title of the page is "MD5 CRACK." Furthermore, the
> about section has clues like "This project is dedicated to crack md5
> hashes
> online through web interface" and "At the moment we can crack md5 hashes
> in
> this character range: a-z;0-9 [8] which means we can break almost all
> hashes
> (99.56%) which are created from lowercase plaintext with letters and/or
> digits up to length of 8 characters."
>
> In fact, Windows LM hashes aren't mentioned at all.
>
> I'm fairly certain that this URL will only crack MD5 hashes* and won't do
> much of anything useful with Lanman hashes.
>
> Cory Altheide
> Senior Network Forensics Specialist
> NNSA Information Assurance Response Center (IARC)
> altheidec@nv.doe.gov
>
> *unsalted
>
>
> --------------------------------------------------------------------------
> ----
> Ethical Hacking at the InfoSec Institute. All of our class sizes are
> guaranteed to be 12 students or less to facilitate one-on-one interaction
> with one of our expert instructors. Check out our Advanced Hacking course,
> learn to write exploits and attack security infrastructure. Attend a
> course
> taught by an expert instructor with years of in-the-field pen testing
> experience in our state of the art hacking lab. Master the skills of an
> Ethical Hacker to better assess the security of your organization.
>
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> --------------------------------------------------------------------------
> -----

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:03 EDT