Welcome to The Professional Security Testers Warehouse for the CEH V7 GPEN CPTS CREST GCIH GREM OPST
The Professional Security Testers Warehouse for the CEH V7 GPEN CPTS CREST GCIH GREM OPST: Passwords


Cachedump - compatible with Windows Vista/7/2008
Posted by cdupuis on Friday, 25 February 2011 @ 13:28:01 EST (2977 reads)
Topic Passwords

Anonymous writes "

Dear List,

I have just developed a Metasploit post exploitation module to obtain cachedump remotely without injection into LSASS. The code is also compatible with new versions of Microsoft Windows (Vista/7/2008); the hash can be cracked with John the Ripper patched with the last jumbo patch (mscash2).

You can find the ruby code here:

http://lab.mediaservice.net/code.php#cachedump

Cheers,

inode

--
Maurizio Agazzini                     CISSP, OPST
Senior Security Advisor
Team Manager
@ Mediaservice.net Srl                Tel: +39-011-32.72.100
Via San Bernardino, 17                Fax: +39-011-32.46.497
10141 Torino - ITALY                  http://mediaservice.net

"



Cain & Abel v4.9.38 released
Posted by cdupuis on Wednesday, 02 February 2011 @ 08:57:43 EST (2388 reads)
Topic Passwords

Cain & Abel v4.9.38 has been released  --  See list of changes below:

- Added TCP/UDP Large Send Offloading status detection on Windows Vista/Seven.
- Better handling of APR-SSL MitM threads.
- Fixed a problem with APR in Windows7 causing attacker's machine to be isolated from poisoned hosts.
- Speed improvement in Credential Manager Password Decoder for x64 operating systems.
- Fixed a Cain's runtime error when SIP/RTP sniffer filter is disabled.
- SIP, MGCP and RTP sniffer filters are now separated.
- Fixed RTP sniffer filter to avoid processing Link-local Multicast Name Resolution (LLMNR) traffic on UDP port 5355.
- Fixed RTP sniffer filter to avoid processing SSDP traffic on UDP port 1900.
- Fixed RTP sniffer filter to avoid processing Multicast DNS (MDNS) traffic on UDP port 5353.
- Improved RTP protocol validation function.




Bruter 1.1 has been released
Posted by cdupuis on Monday, 03 January 2011 @ 15:56:37 EST (2480 reads)
Topic Passwords

Bruter is a parallel network login brute forcer on Win32 platform only.

It currently (1.1) supports the following services:

FTP, HTTP, IMAP, MSSQL, MySQL, POP3, PgSQL, SIP, SMB, SMTP, SNMP, SSH2, Telnet, VNC, Web-Form

Source code, binary and documentation: http://sourceforge.net/projects/worawita

Changelog (since 1.0):


- Added protocols: PgSQL, SIP
- Auto detect "Max Attempt/Connection" when set it to -1
- Add "Password First" option (see documentation for more detail)
- Load/Save Setting also load/save service options
- Load/Save Setting also load/save state if program is testing (Save state)
- Added "wait for each try" option (to be able to slow down brute forcing)
- Display "found valid credential" message in message tab
- Fixed application sometimes crashes when using "Stop"
- Fixed maximum text length of message tab to unlimited
- Fixed HTTP library does not handle response code 100 correctly
- Fixed miscellaneous bugs
- Updated libssh2 binary to 1.2.6
- Updated openssl library to 1.0.0c
- Documentation updates

FTP:
- Able to detect multi-line greeting message sent in separate packets (faster)

SIP: (new)
- Support digest authentication with REGISTER method with expire=0 (unregister)
- Support TCP/TLS with SIP-TCP

SMB:
- Allow multiple connections

SSH2:
- Modified the libssh2 to use less secure key exchange algorithm (a little faster)
- Able to determine the connection state from libssh2 error (more reliable)
- Able to stop testing immediately

MSSQL:
- Re-implemented for better understanding fields in login packet

PgSQL: (new)
- Support password, md5 authentication

Email (SMTP, POP3, IMAP):
- Support NTLM authentication
- POP3: Support PLAIN, LOGIN authentication

HTTP: (changed name from HTTP (Basic))
- Support NTLM authentication
- Support Digest authentication

Web Form: (changed name from HTTP (Form))
- Able to follow the 301,302 redirection (1 time) then checking the result
- Fixed old cookies are not cleared when using "Load Form" in option dialog
- Fixed POST method sending extra "\r\n\r\n" at the end (Thanks to faicker)

If you have any comments, suggestions and problems, feel free to email me.

Worawit Wang




Bruter 1.0 Parallel Password brute forcer has been released
Posted by cdupuis on Monday, 26 April 2010 @ 23:42:28 EDT (1702 reads)
Topic Passwords

Anonymous writes "

Hi all,

I'm glad to release Bruter 1.0. Bruter is a parallel network login brute forcer on Win32 platform only.

It currently supports the following services:

FTP, HTTP (Basic), HTTP (Form), IMAP, MSSQL, MySQL, POP3, SMB-NT, SMTP, SNMP, SSH2, Telnet, VNC.

To see full changelog since alpha version:
http://sourceforge.net/projects/worawita/files/Bruter/Bruter%201.0/Changelog.txt/view

If you have any comments, suggestions and problems, feel free to email to worawita [a][t] gmail.com.

Source code, binary and documentation:
http://sourceforge.net/projects/worawita

Worawit Wangwarunyoo

"



Password Cracking: Do I need a faster CPU or a faster Drive
Posted by cdupuis on Monday, 15 March 2010 @ 07:23:39 EDT (1724 reads)
Topic Passwords

The security specialist Objectif Sécurité has optimised its rainbow tables – a common tool used to crack password hashes – to make use of SSDs. The result is, according to Objectif Sécurité's Philippe Oechslin, an acceleration by a factor of 100 when compared to their old 8GB Rainbow Tables for XP hashes. A web form takes the XP-hashes and cracks them for free with the new, ten times larger tables.

Oechslin has fitted an elderly Athlon 64 X2 4400+ with an SSD and the optimised tables. This system can, with only a 75% CPU utilisation, crack a 14 digit password with special characters, in an average of 5.3 seconds. Oechslin says that, worst case, it should be able to search arithmetically through 300 billion passwords per second, a speed that is a factor of 500 faster than an Elcomsoft cracker supported by a modern Tesla GPU from NVIDIA.

Calculations with rainbow tables achieve the acceleration by pre-computing the intermediate steps of all possible password hashes for a specific algorithm and then storing those results as a table. The more steps that are stored, the bigger the tables and the faster the cracking process. Once the tables no longer fit in memory, the less-used parts of the tables are saved on mass storage devices. Previously this would have been a hard disk, which in turn leads to slower access times while searching them.



RainbowCrack 1.4 is released
Posted by cdupuis on Wednesday, 22 July 2009 @ 12:03:41 EDT (2374 reads)
Topic Passwords

What's New

[July 22, 2009] RainbowCrack 1.4 is released

This version focuses on a more effective rainbow table file format. New features:

  • New compact rainbow table file format (.rtc) reduces rainbow table size by 50% to 56.25%
  • New rt2rtc utility converts rainbow tables from raw file format (.rt) to compact file format (.rtc)
  • New rtc2rt utility converts rainbow tables from compact file format (.rtc) to raw file format (.rt)
  • The rcrack/rcrack_cuda programs support both the .rt and .rtc rainbow table file formats
  • Conversion from non-perfect to perfect rainbow table is supported by the rt2rtc utility

Smaller rainbow tables significantly improve table lookup performance!

Introduction

RainbowCrack is a general purpose implementation of Philippe Oechslin's faster time-memory trade-off technique. It cracks hashes with rainbow tables.

Features:

  • Full time-memory tradeoff tool suites, including rainbow table generation, sort, conversion and lookup
  • Support rainbow table of any hash algorithm
  • Support rainbow table of any charset
  • Support rainbow table in raw file format (.rt) and compact file format (.rtc)
  • Computation on multi-core processor support
  • Computation on GPU (via NVIDIA CUDA technology) support (not freely available)
  • Computation on multi-GPU (via NVIDIA CUDA technology) support (not freely available)
  • Runs on Windows XP 32-bit and Windows Vista 32-bit
  • Command line user interface

A brute force hash cracker generates all possible plaintexts and computes the corresponding hashes on the fly, and then compares the hashes with the target hash. The plaintext is found if one of them matches; otherwise the intermediate computation results are discarded.

A time-memory tradeoff hash cracker needs a precomputation stage, at which time all plaintext/hash pairs within the selected hash algorithm, charset and plaintext length range are computed and the results are stored in files called rainbow tables. It is time consuming to do this kind of computation. Once the one-time precomputation is finished, hashes within the table can be cracked with much better performance than a brute force cracker.

Performance

We compare performance of different GPU based hash cracking methods. The first is direct GPU based brute force; the second is GPU based time-memory tradeoff hash cracking implemented in RainbowCrack software. The time-memory tradeoff approach is always hundreds of times faster.

Performance data of RainbowCrack software is calculated based on test results of rainbow table "md5_ascii-32-95#1-7", "ntlm_ascii-32-95#1-7" and "lm_ascii-32-65-123-4#1-7" as listed in rainbow table page.

VISIT:  http://project-rainbowcrack.com/  for all the details




L0phtCrack 6 has been Released
Posted by cdupuis on Wednesday, 27 May 2009 @ 23:06:23 EDT (2633 reads)
Topic Passwords

Anonymous writes "



L0phtCrack is Back

L0phtCrack 6 is packed with powerful features such as scheduling, hash extraction from 64 bit Windows versions, multiprocessor algorithms, and network monitoring and decoding. Yet it is still the easiest to use password auditing and recovery software available.

Password Scoring
L0phtCrack 6 provides a scoring metric to quickly assess password quality. Passwords are measured against current industry best practices, and are rated as Strong, Medium, Weak, or Fail.

Pre-computed Dictionary Support
Pre-computed password files are a must-have feature in password auditing. L0phtCrack 6 supports pre-computed password hashes. Password audits now take minutes instead of hours or days.

Windows & Unix Password Support
L0phtCrack 6 imports and cracks Unix password files. Perform network audits from a single interface.

Remote password retrieval
L0phtCrack 6 has a built-in ability to import passwords from remote Windows, including 64-bit versions of Vista, Windows 7, and Unix machines, without requiring a third-party utility.

Scheduled Scans
System administrators can schedule routine audits with L0phtCrack 6. Audits can be performed daily, weekly, monthly, or just once, depending on the organization's auditing requirements.

Remediation
L0phtCrack 6 offers remediation assistance to system administrators on how to take action against accounts that have poor passwords. Accounts can be disabled, or the passwords can be set to expire from within the L0phtCrack 6 interface. Remediation works for Windows user accounts only.

Updated Vista/Windows 7 Style UI
The user interface is improved and updated. More information is available about each user account, including password age, lock-out status, and whether the account is disabled, expired, or never expires. Information on L0phtCrack 6's current session is provided in an "immediate window" with a reporting tab providing up-to-the-minute status of the current auditing session.

More Info and Download

"



L0phtCrack is back!
Posted by cdupuis on Thursday, 19 March 2009 @ 12:32:31 EDT (1776 reads)
Topic Passwords

Lou writes "

L0phtCrack is back! At a special information session at SOURCE Boston (Thursday, 10:15am), the team that brought you L0phtCrack will be releasing version 6 of the highly-acclaimed Windows password auditing tool. Come to the session to learn about this release, its new features and platform support, and the story of the product from the days of the L0pht, to @stake, Symantec, and finally back to the L0pht.

Expect www.l0phtcrack.com to go live soon!

"



RainbowCrack 1.3 has been released
Posted by cdupuis on Friday, 13 February 2009 @ 15:42:17 EST (2122 reads)
Topic Passwords

What's New

[February 12, 2009] RainbowCrack 1.3 is released

RainbowCrack 1.3 is released, with the following new features:

  1. Multicore processor support
  2. Overlapped computation and harddisk read
  3. Improved hash algorithm performance of NTLM and MD5
  4. Fully backward compatible with existing rainbow tables generated by earlier versions of RainbowCrack
  5. Other enhancements

A proof of concept implementation of GPU accelerated RainbowCrack is also provided, with the use of CUDA technology.

Introduction

RainbowCrack is a general purpose implementation of Philippe Oechslin's faster time-memory trade-off technique. In short, the RainbowCrack software is a hash cracker that uses a time-memory tradeoff algorithm.

A brute force hash cracker generates all possible plaintexts and computes the corresponding hashes on the fly, and then compares the hashes with the target hash. The plaintext is found if one of them matches; otherwise the intermediate computation results are discarded.

A time-memory tradeoff hash cracker needs a precomputation stage, at which time all plaintext/hash pairs within the selected hash algorithm, charset and plaintext length range are computed and the results are stored in files called rainbow tables. It is time consuming to do this kind of computation. Once the one-time precomputation is finished, hashes within the table can be cracked with much better performance than a brute force cracker.

Download

  • rainbowcrack-1.3-win.zip
    source code: NA
    platform: windows
    supported hash algorithm: LM, NTLM and MD5, support of other algorithms is to be documented [TODO]
    supported charset: any
  • rainbowcrack-1.2-win.zip
    source code: rainbowcrack-1.2-src.zip
    platform: windows and linux
    supported hash algorithm: LM, MD5 and SHA1, apply hash algorithm patch to support other algorithms
    supported charset: any

Documentation

[TODO] Documentation for RainbowCrack 1.3 is not ready yet. Much of the documentation for RainbowCrack 1.2 is outdated; I am planning to renew all of it in the following weeks.

Rainbow Table

LM configuration #6 table set

  • hash algorithm: LM
  • charset: alpha-numeric-symbol32-space = [ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+=~`[]{}|:;"'<>,.?/ ]
    (Because the LM hash algorithm converts all lowercase characters in a password into uppercase, it is not necessary to include lowercase characters in the charset of any LM tables.)
  • plaintext length range: 1 to 7
    (Because the LM hash algorithm breaks a 14 character password into two 7 character chunks and hashes them separately, the 1 to 7 plaintext length configuration is capable of cracking passwords up to 14 characters.)
  • keyspace: 7555858447479 (2^42.8)
  • table size: 64 GB
  • success rate: 0.999
  • table generation commands: rtgen_lm_cfg6.txt
  • performance: 30 LM hashes with random plaintexts are generated to test this 64 GB table set. A total of 3 tests are run, with 10 hashes used in each run.

The total program runtime to crack all hashes are as follows:

RainbowCrack 1.2 on Core2 Duo E7300
Test 1 (10 LM hashes): 1045.89 seconds
Test 2 (10 LM hashes): 1552.02 seconds
Test 3 (10 LM hashes): 1325.65 seconds

RainbowCrack 1.3 on Core2 Duo E7300
Test 1 (10 LM hashes): 516.11 seconds
Test 2 (10 LM hashes): 771.69 seconds
Test 3 (10 LM hashes): 740.38 seconds

As the number of possible plaintexts is 7555858447479 and the time to crack the hashes is 516.11 seconds in Test 1 of RainbowCrack 1.3, the equivalent plaintext search speed is 7555858447479/516.11 = 14640 Million plaintexts/second.



FreeRainbowTables.com news
Posted by cdupuis on Friday, 28 November 2008 @ 21:12:30 EST (1714 reads)
Topic Passwords

FreeRainbowTables.com has recently moved to the BOINC platform for generation of rainbow tables.

We are happy to share the news with our users, and we hope you will continue to help us generate more rainbow tables.

It is easy to help us in the generation of high quality rainbow tables. Simply visit our download page ( http://www.freerainbowtables.com/en/download/ ) and follow the instructions.

Thanks

/JA




Brute forcing just got a little smarter at AWLG.org
Posted by cdupuis on Wednesday, 26 November 2008 @ 14:04:13 EST (1734 reads)
Topic Passwords

NOTE FROM CLEMENT:
Matt has been a PST member for a while and he sent me the following news:

Sender's Name: Matt
Sender's Email: matt@awlg.org

http://awlg.org/index.gen

I just wanted to make you and your associates aware of a new online web app I've coded called the Associative Word List Generator (AWLG) located at AWLG.org.

Basically, AWLG will take user words and phrases and search the internet for words associated with the user's input. As such, AWLG allows people to generate relevant word lists with minimal effort.

These word lists can then be used for ethical brute forcing, keyword generation, etc.

For a flash demo, visit http://www.awlg.org/awlg/whatis.gen

I'd be glad to answer any questions you may have.

Also, please feel free to share what you know about this tool with anyone you wish, as AWLG is officially in beta now.

Thanks,

Matt G.
matt@awlg.org
http://awlg.org/index.gen




fgdump (2.0.0) and pwdump (1.7.1) have been released
Posted by boss on Monday, 28 April 2008 @ 12:46:37 EDT (6483 reads)
Topic Passwords

Anonymous writes "Folks,

The foofus.net team is pleased to announce updates to both fgdump (2.0.0) and pwdump (1.7.1), which incorporate a number of new features, the most significant of which is that both tools now support 64-bit targets.

We are also pleased to announce the creation of a mailing list for the purposes of tool support, bug reports, feature requests and new revision announcements. This mailing list currently covers fgdump, pwdump and medusa. Feel free to sign up at http://lists.foofus.net/listinfo.cgi/foofus-tools-foofus.net.

For all the details on the latest fgdump and pwdump releases, please visit their home pages:

http://www.foofus.net/fizzgig/fgdump

http://www.foofus.net/fizzgig/pwdump


As always, please contact me with any bug reports or feature requests.

--f fizzgig@foofus.net"



SSHatter -- A brute force tool for SSH
Posted by boss on Saturday, 06 October 2007 @ 21:19:52 EDT (1988 reads)
Topic Passwords

Anonymous writes " All, SSHatter, the SSH brute forcer is now up to release 0.6. New since the last announcement include:

* Changes allowing rudimentary username enumeration via timing attacks. These changes have been validated against OpenSSH 3.5p1. The attack is as described in:

http://www.securityfocus.com/archive/1/archive/1/448025/100/0/threaded

* Targets and usernames are now specified in a file and targets can now be specified one per line in the format [:].

* Reconnection can optionally be enabled where support on connection failures have occurred.

* A default passwords list (taken from http://www.nth-dimension.org.uk/downloads.php?id=30) has also been added.

* Fixes for systems configured with AllowUsers have been added as these systems do not return "Permission denied" on Net::SSH::Perl->login().

This latest version can be downloaded from: http://www.nth-dimension.org.uk/downloads.php?id=34.

Remember, auditing systems without permission may be a crime, always read the label.

Tim -- Tim Brown
mailto:timb@nth-dimension.org.uk
http://www.nth-dimension.org.uk/ "



New version of PWDUMP6 and FGDump have been released
Posted by boss on Thursday, 21 June 2007 @ 22:42:09 EDT (1745 reads)
Topic Passwords

Anonymous writes "I am pleased to announce a new version of pwdump6 and its more powerful brother fgdump. Both programs are now at version 1.6.0.

The primary change in both packages is that they will once again, for the time being, sneak by antivirus more easily. This is strictly to allow the majority of the userbase, who are legitimate pen-testing users, to carry out their work unfettered. Feel free to read my brief dissertation on the subject (particularly folks from AV vendor land!) on the site. AV will eventually catch up and we'll have to play this game all over again, but for now, this should help some.

fgdump was also fixed to correct a problem when running locally - if you've received the infamous "error 2" message before, you should find that no longer occurs! As always, for pwdump6 users, I recommend highly that you switch to fgdump - I doubt you will regret it. :)

The relevant links are:

http://www.foofus.net/fizzgig/fgdump

and

http://www.foofus.net/fizzgig/pwdump

As always, email me with any questions, concerns or suggestions.


--fizzgig
"



fgdump 1.5.0 and pwdump 1.5.0 Released!
Posted by boss on Tuesday, 27 March 2007 @ 17:32:37 EDT (1650 reads)
Topic Passwords

Anonymous writes "Good day pen-test folks,

I am pleased to announce the release of pwdump6 1.5.0 as well as fgdump 1.5.0 at the following locations:

http://www.foofus.net/fizzgig/fgdump
http://www.foofus.net/fizzgig/pwdump

For those unfamiliar with the tools, allow me to briefly summarize.

pwdump6 is an updated version of the classic Windows password hash dumper pwdump3e. It has been updated to circumvent DEP which caused crashes on newer operating systems, and has also had several features added to make it more usable.

fgdump is a more powerful version of pwdump6 that performs cached credential dumps of a target host as well as stopping several brands of antivirus while the dumps are running. It is also fully multi-threaded and supports several means of targeting large numbers of hosts. I recommend using fgdump for most pen-test activities, as it has served us well over the past couple of years.

Version 1.5.0 of both programs takes advantage of some changes which makes them less likely to be detected by antivirus, at least as of today. This will be particularly helpful to those of you dealing with recent, more aggressive AV solutions. I have also updated the README file for pwdump6 to give some examples, as it seems some folks were having a hard time figuring out how to get started with it.

As always, I welcome feedback and suggestions, and am certainly willing to help you troubleshoot if you find yourself facing problems.

Enjoy!

--fizzgig"

All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest © 2003-2008 by Clement Dupuis and Nathalie Lambert (Site Maintainers).

 


 

 

