Re: Rainbow Tables

From: Tony Stark (stark192@hotmail.com)
Date: Thu Feb 09 2006 - 13:57:14 EST

• Next message: Aamir Niazi: "New to INformation Security World Please give your expert advicein this matter"
• Previous message: Sels, Roger: "RE: Penetration test of 1 IP address"
• In reply to: jalvare7@cajastur.es: "Re: Rainbow Tables"
• Next in thread: Simpson, Brett: "RE: Rainbow Tables"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

That was the first thing I tried, placed the cracked passwords into a file
and added it to the password list in LC5, removed the other lists just to
make sure it was working but it didn't make any difference, it was like the
dictionary attack didn't see the numbers or characters. I tested it a few
different ways and there was not change in the completion time.

Seems totally logical that it would work but each time I tried it I came up
with the dictionary attack taking the same amount of time to complete..

Tony

>From: jalvare7@cajastur.es
>To: "Tony Stark" <stark192@hotmail.com>
>CC: pen-test@securityfocus.com
>Subject: Re: Rainbow Tables
>Date: Thu, 9 Feb 2006 18:20:24 +0100
>
>I understand that you have an assignment and so you are compelled to do
>that. But, wouldn't it be easier to create a diccionary with the passwords
>in clar text?. In fact I believe LC5 can create a diccionary with the
>result of a session.
>
>Regards
>
>
>
>
>
>"Tony Stark" <stark192@hotmail.com>
>
>09/02/2006 14:19
>
>
> Para: pen-test@securityfocus.com
> cc: (cco: Juan Alvarez Ferrando/Auditoria Informatica/EXTERNOS
>CAJASTUR)
> Asunto: Re: Rainbow Tables
>
>
>
>Thank you all for the great suggestions! I now have some great resourses
>from where I can pull the info I need.
>
>
>Now, I've got a good one for you which may be a challange to come up with
>a
>solution.
>
>I have now been tasked to take a list of passwords and try to generate a
>precomputed hash table out of those passwords...not sure if this can be
>done
>but of course I have to find a way..since I am "holding up a project".
>
>Reason for this...the idea is that if we take the current list of
>passwords
>create a pre-computed hash table the next time we audit we'd run LC5 (till
>I
>convense them otehrwise) and all but the passwords that changed and new
>accounts would get knocked out right away.
>
>Does anyone have a hint as to how I should do this? Is there a way to take
>
>the hashes and the cracked clear text and merge them into a table?
>
>What is the best application foir creating pre-computed hash tables, that
>will work with LC5?
>
>Thanks again for your help and the great suggestions!!
>
>Tony
>
>_________________________________________________________________
>Express yourself instantly with MSN Messenger! Download today - it's FREE!
>
>http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
>
>
>------------------------------------------------------------------------------
>Audit your website security with Acunetix Web Vulnerability Scanner:
>
>Hackers are concentrating their efforts on attacking applications on your
>website. Up to 75% of cyber attacks are launched on shopping carts, forms,
>
>login pages, dynamic content etc. Firewalls, SSL and locked-down servers
>are
>futile against web application hacking. Check your website for
>vulnerabilities
>to SQL injection, Cross site scripting and other web attacks before
>hackers do!
>Download Trial at:
>
>http://www.securityfocus.com/sponsor/pen-test_050831
>-------------------------------------------------------------------------------
>
>
>
>

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: Aamir Niazi: "New to INformation Security World Please give your expert advicein this matter"
• Previous message: Sels, Roger: "RE: Penetration test of 1 IP address"
• In reply to: jalvare7@cajastur.es: "Re: Rainbow Tables"
• Next in thread: Simpson, Brett: "RE: Rainbow Tables"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:28 EDT