RE: Rainbow Tables

From: Tony Stark (stark192@hotmail.com)
Date: Thu Feb 09 2006 - 08:26:42 EST

• Next message: Ailton Caetano: "Re: Penetration test of 1 IP address"
• Previous message: pascal.cretain@gmail.com: "2 in 1: Vmware Limitations / Null Sessions"
• In reply to: Flory Jeffrey D Ctr 59 MDSS/MSISI: "RE: Rainbow Tables"
• Next in thread: Flory Jeffrey D Ctr 59 MDSS/MSISI: "RE: Rainbow Tables"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hello Jeff,

Exactly what I am shooting for, that is what I am trying to do but finding
the pieces are sometimes difficult, thus my e-mail, since it looks like LC5
won’t be around any longer I don’t see many (easy to find) pre-computed
tables that work with LC5. But it looks like I came to the right place to
ask!

Once I get this project completed I am going to lay out a plan, baselines,
etc.. using the open source software so management knows how much quicker we
can get this work completed.

Thx,

Tony

>From: Flory Jeffrey D Ctr 59 MDSS/MSISI
><Jeffrey.Flory2.ctr@lackland.af.mil>
>To: "T.Dudek" <duderik@gmail.com>, ROB DIXON <RDIXON@workforcewv.org>
>CC: stark192@hotmail.com, pen-test@securityfocus.com
>Subject: RE: Rainbow Tables
>Date: Wed, 8 Feb 2006 13:22:21 -0600
>
>I have many tools within my aresenal that I maintain in order for me to do
>my daily tasks and duties protecting my network. I will test any tool that
>I think I can benefit from, once tested, I will brief the powers that be,
>and proceed to utilize my new found toy.
>
>I have downloaded and updated my LC5 so many times using various
>dictionaries, hashes, etc in order to keep the personnel where I work in
>compliance with all my directive policies.
>
>Jeff
>Gate Keeper
>
>-----Original Message-----
>From: T.Dudek [mailto:duderik@gmail.com]
>Sent: Wednesday, February 08, 2006 8:34 AM
>To: ROB DIXON
>Cc: stark192@hotmail.com; pen-test@securityfocus.com
>Subject: Re: Rainbow Tables
>
>
>One word: "pirated software".
>ok, so it's two words ;-)
>
>I've seen enough cases where the evildoers were using lophtcrack or the
>various commercial software/hardware keystroke loggers that you can buy.
>Most of the time it's pirated stuff, but why not use the best you can
>get/steal when you're a criminal? I'd say the "others" should be informed
>of
>both risks, and need to be reminded that "most likely" does not really mean
>anything. I wouldn't step on a plane that would "most likely" not crash..
>
>
>On 2/7/06, ROB DIXON <RDIXON@workforcewv.org> wrote:
> > Hey Tony,
> >
> > The "others" should be informed that the malicious attacker is most
> > likely to NOT use "commercial" products.
> >
> > And that for a true benchmark, maybe use the products that a malicious
> > attacker would use. Most of which will probably be open source or free
> > at the least. That is assuming that they are not writing their own
> > software. ;) I guess I'm asking, how do you justify "not" using free
> > products?
> >
> > You can buy pre-computated rainbow tables, but there are different
> > rainbowtables for different types of hashes. Example: ntlm, ntlmv2,
> > sha1 , md5, etc.
>
>----------------------------------------------------------------------------
>--
>Audit your website security with Acunetix Web Vulnerability Scanner:
>
>Hackers are concentrating their efforts on attacking applications on your
>website. Up to 75% of cyber attacks are launched on shopping carts, forms,
>login pages, dynamic content etc. Firewalls, SSL and locked-down servers
>are
>
>futile against web application hacking. Check your website for
>vulnerabilities
>to SQL injection, Cross site scripting and other web attacks before hackers
>do!
>Download Trial at:
>
>http://www.securityfocus.com/sponsor/pen-test_050831
>----------------------------------------------------------------------------
>---

_________________________________________________________________
Don’t just search. Find. Check out the new MSN Search!
http://search.msn.click-url.com/go/onm00200636ave/direct/01/

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: Ailton Caetano: "Re: Penetration test of 1 IP address"
• Previous message: pascal.cretain@gmail.com: "2 in 1: Vmware Limitations / Null Sessions"
• In reply to: Flory Jeffrey D Ctr 59 MDSS/MSISI: "RE: Rainbow Tables"
• Next in thread: Flory Jeffrey D Ctr 59 MDSS/MSISI: "RE: Rainbow Tables"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:28 EDT