RE: policy-based password cracker

From: Miguel Dilaj (Miguel.Dilaj@nccgroup.com)
Date: Fri Dec 02 2005 - 03:58:17 EST


Hi Chris,

You can give Lepton's Crack a try. Depending on the algorithm you need,
you'll need either the main branch from http://usuarios.lycos.es/reinob/
or Piero Brunati's version from http://www.nestonline.com/lcrack/. Both
versions support defining min/max pw length and charset, and they also
have a very powerful REGEX mode.
Lepton's Crack currently neither generates nor supports rainbow tables,
but it comes with a small utility to produce precomputed "tables" that
are a slightly similar concept...
Cheers,

Miguel

 

-----Original Message-----
From: Chris Costantino [mailto:clckct@yahoo.com]
Sent: 01 December 2005 17:50
To: pen-test@securityfocus.com
Subject: policy-based password cracker

Hi all,

I am looking for a brute-force password cracker that can be configured
based on password policies. For example, I am trying to audit a system
that I know the security policy on (min/max pw length, complexity rules,
etc.). What I want is to only brute-force passwords that fit that policy.
Obviously, min and max are not the issue, but I cannot seem to find
anything that will only test passwords that meet complexity requirements
(lowercase alpha, uppercase alpha, number). Something that generates
this into a rainbow table would be even better.....

Anyone aware of such a tool?

Thanks in advance,
Chris
Miguel Dilaj
Pen Test Consultant
NCC Group
Manchester Technology Centre,
Oxford Road,
Manchester, M1 7EF
Tel: +44 (0)161 209 5459
Mobile: +44 (0)7811 352 848
Fax: +44 (0)161 209 5400
eMail: Miguel.Dilaj@nccgroup.com
website: www.nccgroup.com
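
Added example, not part of the original thread or of Lepton's Crack: a small Python calculation, for policy review, of how many passwords of each length satisfy the complexity rule from the question (at least one lowercase letter, one uppercase letter and one digit) compared with the unrestricted keyspace over the same characters. The function names and the 6 to 10 length range are assumptions made for illustration.

```python
from itertools import combinations
import string

# Character classes named in the question; assumed disjoint.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
}

def meets_policy(pw, min_len, max_len, classes=CLASSES):
    """True if pw is within the length bounds and uses every class."""
    if not (min_len <= len(pw) <= max_len):
        return False
    return all(any(c in chars for c in pw) for chars in classes.values())

def compliant_count(length, classes=CLASSES):
    """Count strings of exactly `length` characters over the union of the
    classes that contain at least one character from each class.
    Inclusion-exclusion over the set of classes left out entirely."""
    sizes = [len(set(chars)) for chars in classes.values()]
    alphabet = sum(sizes)
    total = 0
    for k in range(len(sizes) + 1):
        for missing in combinations(sizes, k):
            total += (-1) ** k * (alphabet - sum(missing)) ** length
    return total

def policy_report(min_len, max_len, classes=CLASSES):
    """Rows of (length, full keyspace, compliant keyspace, fraction)."""
    alphabet = sum(len(set(chars)) for chars in classes.values())
    rows = []
    for n in range(min_len, max_len + 1):
        full = alphabet ** n
        ok = compliant_count(n, classes)
        rows.append((n, full, ok, ok / full))
    return rows

if __name__ == "__main__":
    # Assumed policy for illustration: length 6 to 10.
    for n, full, ok, frac in policy_report(6, 10):
        print(f"len={n:2d} full={full:.3e} compliant={ok:.3e} "
              f"fraction={frac:.3f}")
```

The fraction column shows how much of the unrestricted keyspace a given complexity rule actually excludes at each length.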

