Re: policy-based password cracker

From: David Cravshaw (david.cravshaw@gmail.com)
Date: Fri Dec 02 2005 - 10:56:21 EST

• Next message: Joshua Shaffer: "Re: Ping a mac address"
• Previous message: riftman: "Re: Layer 2 Trace"
• In reply to: Chris Costantino: "policy-based password cracker"
• Next in thread: Password Crackers, Inc.: "RE: policy-based password cracker"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Rainbowcrack supports customized charsets, so you can easily createyour own character set and place it in the charset.txt file.
custom = [abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]
(It's useful to note that if you're cracking LANMAN hashes, thecharset only needs to include uppercase alpha and not lowercase due tohow LM hashes are stored...)
Cain (http://www.oxid.it) can be configured to use a customizedcharacter set for brute-force attacks and might even be a little biteasier to use than John the Ripper...
On 12/1/05, Chris Costantino <clckct@yahoo.com> wrote:> Hi all,>> I am looking for a brute-force password cracker that> can be configured based on password policies. For> example, I am trying to audit a system that I know the> security policy on (min/max pw length, complexity> rules, etc) What I want is to only brute-force> passwords that fit that policy. Obviously, min and> max is not the issue, but I can not seem to find> anything that will only test passwords that meet> complexity requirements (lowercase alpha, uppercase> alpha, number). Something that generates this into a> rainbow table would be even better.....>> Anyone aware of such a tool?>> Thanks in advance,> Chris>>>> __________________________________________> Yahoo! DSL – Something to write home about.> Just $16.99/mo. or less.> dsl.yahoo.com>>> ------------------------------------------------------------------------------> Audit your website security with Acunetix Web Vulnerability Scanner:>> Hackers are concentrating their efforts on attac
king applications on your> website. Up to 75% of cyber attacks are launched on shopping carts, forms,> login pages, dynamic content etc. Firewalls, SSL and locked-down servers are> futile against web application hacking. Check your website for vulnerabilities> to SQL injection, Cross site scripting and other web attacks before hackers do!> Download Trial at:>> http://www.securityfocus.com/sponsor/pen-test_050831> ------------------------------------------------------------------------------->>

• Next message: Joshua Shaffer: "Re: Ping a mac address"
• Previous message: riftman: "Re: Layer 2 Trace"
• In reply to: Chris Costantino: "policy-based password cracker"
• Next in thread: Password Crackers, Inc.: "RE: policy-based password cracker"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:13 EDT