Re: Cracking Serv-u passwords stored in .ini file.

From: Nigel Stepp (stepp@atistar.net)
Date: Fri Sep 03 2004 - 09:29:45 EDT


Altheide, Cory B. (IARC) wrote:

>>-----Original Message-----
>>From: Scovetta, Michael V [mailto:Michael.Scovetta@ca.com]
>>Sent: Thursday, September 02, 2004 1:23 PM
>>To: Altheide, Cory B. (IARC); Jérôme ATHIAS;
>>pen-test@securityfocus.com
>>Subject: RE: Cracking Serv-u passwords stored in .ini file.
>>
>>
>>I realize this is pedantic, but there's a fundamental
>>difference between "cracking" MD5 and looking up pre-computed
>>values.
[ snip ]
> The only real difference is by using precomputed tables you're front-loading
> your work and only doing computations that would normally be needlessly
> repetitive once. Otherwise the "cracking," as it were, is basically the
> same.

I think the point in question is that you are not cracking *MD5*. That
would entail finding a weakness in the MD5 algorithm that allowed you to
reverse the hash, or more easily find what created the hash you are
looking at.

Using rainbow tables and such is just brute force, and doesn't have a
lot to do with the specific hashing algorithm.

>
> -- Cory

-- 
:wq
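
Added example, not part of the original thread: a small Python sketch of the two points made above, that a precomputed table only front-loads the hashing work, and that the search is identical whichever hash algorithm is plugged in. The candidate list, the test plaintexts and all function names are constructed for illustration.

```python
import hashlib

# Constructed candidate list; a real audit would use a much larger wordlist.
CANDIDATES = ["letmein", "password", "serv-u", "hunter2", "qwerty"]

class CountingHash:
    """Wraps any hashlib algorithm and counts how many digests are computed."""
    def __init__(self, algorithm):
        self.algorithm = algorithm
        self.calls = 0

    def hexdigest(self, word):
        self.calls += 1
        return hashlib.new(self.algorithm, word.encode()).hexdigest()

def build_table(hasher, candidates):
    """Front-loaded work: hash each candidate once and index it by digest."""
    return {hasher.hexdigest(w): w for w in candidates}

def exhaustive_search(hasher, candidates, target):
    """The same search with no table: candidates are re-hashed per target."""
    for w in candidates:
        if hasher.hexdigest(w) == target:
            return w
    return None

def compare(algorithm, plaintexts):
    """Return (table results, search results, table hash calls, search hash calls)."""
    targets = [hashlib.new(algorithm, p.encode()).hexdigest() for p in plaintexts]
    t_hash, e_hash = CountingHash(algorithm), CountingHash(algorithm)
    table = build_table(t_hash, CANDIDATES)
    by_table = [table.get(t) for t in targets]  # lookups compute no new hashes
    by_search = [exhaustive_search(e_hash, CANDIDATES, t) for t in targets]
    return by_table, by_search, t_hash.calls, e_hash.calls

if __name__ == "__main__":
    # Nothing here depends on a property of MD5; SHA-256 behaves identically,
    # and a value outside the candidate set is never recovered by either route.
    for alg in ("md5", "sha256"):
        print(alg, compare(alg, ["hunter2", "qwerty", "Tr0ub4dor&3"]))
```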


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:03 EDT