RE: Password "security" - was"Passwords with Lan Manager (LM) under Windows" and "Whitespace in passwords"

From: Miguel Dilaj (mdilaj@nccglobal.com)
Date: Mon Sep 26 2005 - 10:28:14 EDT


Hi Dave,

Lepton's Crack can, for sure. I dunno if the version with non-printable
characters is 20040914 or 20040916 (the latter is not online, I'm afraid, I
have it on a CD somewhere).
Just had a look at the CHANGES file:

        20040914/
        - Added support for any ASCII character (ie. also non-printable) in
          the charset and regex definition, via \0(octal), \x(hex), \(decimal)

Do a Google search for

        password cracker "non printable" characters

And have fun collating the results.
Cheers,

Miguel

-----Original Message-----
From: dave kleiman [mailto:dave@isecureu.com]
Sent: 26 September 2005 15:00
To: 'Miguel Dilaj'
Cc: pen-test@securityfocus.com
Subject: RE: Password "security" - was"Passwords with Lan Manager (LM) under
Windows" and "Whitespace in passwords"

>
> Regarding "Whitespace in passwords", and as some people already
> mentioned, modern password cracking software (both commercial and
> free) can find non-printable chars, so space or ALT-whatever are going
> to be found anyway. Rainbow tables now tend to include space, but I
> still haven't heard of anyone producing a table for 0x00-0xff
> (0x0000-0xffff if you use extended unicode chars ;-)
> Applications CAN be broken by using strange characters, so YMMV.
>

Can you provide a list of those that have that ability? I will gladly test
them.

The most popular ones cannot, i.e. L0pht, Cain, etc. See:
http://www.securityfocus.com/archive/88/312263

Dave

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:00 EDT