password cracking « Eikonal Blog

2010.07.13

Stages of checking password crackability

Filed under: infosec, Penetration Testing, VA (Vulnerability Assessment) — Tags: default passwords, password cracking — sandokan65 @ 14:09

Check if password is empty.
Check if password is equal to the username.
For system (or application) provided accounts, use the Google to find default passwords provided by manufacturers’, and test them against these accounts on your system(s).
Check if password is in the custom assembled corporate dictionary.
Check if password is in the selected language’s dictionary. (see: http://eikonal.wordpress.com/2010/03/29/default-passwords/)
Check if password is a dictionary word + one digit.
Check if password is an 311tized word.
Is password the concatenation of multiple words.
Check in the database of precomputed password hashes.
Desperate measure: brute force cracking.

Comments (1)

2010.06.17

Cracking Kerberos passwords

Filed under: infosec — Tags: Kerberos, password cracking — sandokan65 @ 08:42

The only tool I know residing on this niche is ntsecurity’s KerbCrack/KerbSniff (http://ntsecurity.nu/toolbox/kerbcrack/).

Usage:

kerbcrack.exe kerbcap.snf -b1 9

Comments (1)

2010.05.25

John the Ripper

Filed under: infosec — Tags: John the Ripper, linux, OpenVMS, password cracking, SYSUAF.DAT, unix — sandokan65 @ 15:16

Places

Home – http://www.openwall.com/john/
Custom binary builds, by various users – http://openwall.info/wiki/john/custom-builds

Simple dictionary-based cracking

For Linux systems, the hashed passwords are contained in the /etc/shadow file. To use John the ripper, one needs both that file and /etc/passwd.

Unshadowing:
./unshadow.exe passwd.txt shadow.txt > passwd-unshadowed.txt
To run John against the unshadowed password file passwdFile-unshadowed.txt using the predefined word-list mywords.lst, run
following:
./john.exe –wordlist=mywords.lst passwd-unshadowed.txt
To see the cracked passwords run:
./john.exe –show passwdFile-unshadowed.txt
and to save that file:
./john.exe –show passwdFile-unshadowed.txt > passwdFile-cracked.txt

Articles

“Linux Password Cracking: Explain unshadow and john commands ( john the ripper tool )” by Vivek Gite (UnixCraft) – http://www.cyberciti.biz/faq/unix-linux-password-cracking-john-the-ripper/
“Cracking OpenVMS passwords with John the Ripper” by Jean-loup Gailly – http://gailly.net/security/john-VMS-readme.html
- John the Ripper v1.3.6 source package patched to include OpenVMS SYSUAF.DAT files parsing – http://gailly.net/security/john-VMS-readme.html. It compiles well on Cygwin.
So far, John does not work for SHA hashes. A patch allowing one to do this is presented at:
- “Re: “No password hashes loaded” on Ubuntu 9.04″ by Solar Designer (2009.09.02) – http://www.openwall.com/lists/john-users/2009/09/02/3
- “Crack Password with John the Ripper on Ubuntu 9.10″ by Junjun Mao (2010.02.01) – http://pka.engr.ccny.cuny.edu/~jmao/node/26
This patch allows use of John against SSH type hashes, but requires running John on the same type of system (i.e. unix system that supports the same hashes in logon authentication module).

Related here: Default passwords, wordlist and Rainbow tables – http://eikonal.wordpress.com/2010/03/29/default-passwords/

Comments (3)

2010.05.21

Cisco “password 7″

Filed under: crypto, infosec — Tags: cisco, password 7, password cracking — sandokan65 @ 14:13

“How do I Decrypt Cisco Passwords?” – http://www.topbits.com/decrypt-cisco-passwords.html
Cisco password decryption – http://insecure.org/sploits/cisco.passwords.html

Local info:

Cisco “password 7″ decryption – Perl code (2010.01.28) – http://eikonal.wordpress.com/2010/01/28/ciso-password-7-decryption-perl-code/
Cisco “Password 7″ Cracker – javascript code (2010.01.07) – http://eikonal.wordpress.com/wp-admin/post-new.php
Cisco “Password 7″ Cracker – C code (2010.05.21) – http://eikonal.wordpress.com/2010/05/21/cisco-%e2%80%9cpassword-7%e2%80%b3-decryption-%e2%80%93-c-code/

Comments (4)

2010.03.17

Infosec blogs

Filed under: infosec — Tags: auditcast, Bruce Scheier, David Hoelzer, exotic liability, infosec blogs, infosec podcasts, Nipper, password cracking, password strength, passwords, qualys, SANS, Schneier On Security, Slight Paranoia — sandokan65 @ 09:52

A Day In The Life of an Information Security Officer – http://blogs.ittoolbox.com/security/
An Information Security Place podcast – http://infosecplace.com/blog/
Anti-Virus rants: http://anti-virus-rants.blogspot.com/
Anton Chuvakin Personal Blog: http://chuvakin.blogspot.com/
Art of Hacking – http://artofhacking.com/
Auditcast by David Hoelzer (podcasts) – http://auditcasts.com/ | RSS – http://feeds.feedburner.com/AuditcastsWithDavidHoelzer
- # 1 : Auditing Routers and Switches with Nipper – http://auditcasts.com/screencasts/1 | MOV – http://auditcasts.com/videos/mov/videos/1/Episode%201%20-%20Routers%20and%20Switches.mov?1307548856 | Auditing Routers & Switches with Nipper Show Notes – http://it-audit.sans.org/blog/2011/06/07/auditing-routers-switches-with-nipper-show-notes
Audit Monkey’s blog – http://auditmonkey.wordpress.com/
Authentium Virus Blog: http://blogs.authentium.com/virusblog/
Browser Fun: http://browserfun.blogspot.com/
Carna0wnage blog – http://carnal0wnage.attackresearch.com/ has a lot of metasploit tricks.
CSO Security Insights podcast – http://www.csoonline.com/podcasts
Cisco Security (corporate) – http://blogs.cisco.com/security
Computer Security @ Big Blog – http://bigblog.com/computer_security.html
Connectivity – http://itknowledgeexchange.techtarget.com/connectivity/
CYBER ARMS – Computer Security – http://cyberarms.wordpress.com/
CyberSecurity news – http://cybersecuritynews.org/
D90 Tools & Techniques: http://www.d90.us/toolbox/
Darknet.org – http://www.darknet.org.uk/
Declan McCullagh: Politech – http://www.politechbot.com/- DEFUNCT | The Iconoclast – http://www.news.com/the-iconoclast/
Dominic White > .tHE pRODUCT: http://singe.rucus.net/blog/
“Defensive Computing” by MIchael Horowitz (at CNet) – http://news.cnet.com/defensive-computing/ | RSS: http://news.cnet.com/2547-1_3-0-20.xml
Emergent Chaos by Adam Shostack and ensemble – http://www.emergentchaos.com/
Essential Computer Security – http://www.tonybradley.com/
::eSploit:: – http://esploit.blogspot.com/ – looks like a blog linking to the various security/hacking resources.
Evil Bytes by John Sawyer – http://www.darkreading.com/blog/archives/evil_bytes/index.html
Exotic Liability (podcast): http://exoticliability.libsyn.com/| http://www.exoticliability.com/| http://www.podcastalley.com/podcast_details.php?pod_id=75883
Focus and Planning for Success in Business: http://salmankkhan.blogspot.com/
Fortiguard blog (corporate) – http://blog.fortinet.com/
Frequency X (ISS) blog (corporate) – http://blogs.iss.net/
Graham Cluley’s (Sophos) blog – http://www.sophos.com/blogs/gc/
How To Combat Spam Blog. By Anti-Spam Activist Ryan Pitylak: http://combatspam.blogspot.com/
I Think….Therefore This Blog – http://vasim.blogspot.com/
InvisibleThings: http://theinvisiblethings.blogspot.com/
Information Security Resources: http://information-security-resources.com/
- Physical security: http://information-security-resources.com/category/physical-security/
Insights Into Information Security – http://www.randybias.com/
Jeremiah Grossman’s (White Hat Security) blog: http://jeremiahgrossman.blogspot.com/
Jesper’s Blog: http://msinfluentials.com/blogs/jesper/
Jibbering musings: http://jibbering.com/blog/
Kaos.Theory: Fractal blog: http://theory.kaos.to/blog/
Krebs on Security – http://www.krebsonsecurity.com/
“The Laws of Vulnerabilities” by Wolfgang Kandek (Qualys) – http://laws.qualys.com/
Lenny Zeltser security blog – http://zeltser.com/
- Critical Log Review Checklist for Security Incidents – http://zeltser.com/log-management/security-incident-log-review-checklist.html
- Analyzing Malicious Documents Cheat Sheet – http://zeltser.com/reverse-malware/analyzing-malicious-documents.html
- Security Architecture Cheat Sheet for Internet Applications – http://zeltser.com/security-management/security-architecture-cheat-sheet.html
- Troubleshooting Human Communications – http://zeltser.com/cheat-sheets/human-communications-cheat-sheet.html
- Security Incident Survey Cheat Sheet for Server Administrators – http://zeltser.com/network-os-security/security-incident-survey-cheat-sheet.html
- Initial Security Incident Questionnaire for Responders – http://zeltser.com/network-os-security/security-incident-questionnaire-cheat-sheet.html
- Reverse-Engineering Malware Cheat Sheet – http://zeltser.com/reverse-malware/reverse-malware-cheat-sheet.html
- Network DDoS Incident Response Cheat Sheet – http://zeltser.com/network-os-security/ddos-incident-cheat-sheet.html
- Information Security Assessment RFP Cheat Sheet – http://zeltser.com/security-assessments/security-assessment-rfp-cheat-sheet.html
Light Blue Touchpaper: http://www.lightbluetouchpaper.org/; Security Research, Computer Laboratory, University of Cambridge
Marcus Ranum – http://www.ranum.com/
Mark Rusinovich:
- Mark’s blog: http://blogs.technet.com/markrussinovich/
- Sysinternals blog: http://blogs.technet.com/sysinternals/
- Sysinternals forum: http://forum.sysinternals.com/
McAfee Avert Labs Blog: http://www.avertlabs.com/research/blog/
Metasploit: http://metasploit.blogspot.com/
Microsoft security response center (corporate) – http://blogs.technet.com/msrc/
Mister Reiner – http://misterreiner.wordpress.com/
Network Security Blog – http://www.mckeay.net/
Network Security Consulting Blog – http://blog.emagined.com/
Ninda Diary: http://nindadiary.wordpress.com/: cryptography| database hacking| hack tools, utilities and exploits| hardware hacking| virology| web hacking
Patch Day Review – http://www.patchdayreview.com/
PaulDotCom (Paul Asadoorian): site/blog – http://pauldotcom.com/| podcast (“Security Weekly”) – http://pauldotcom.com/security-weekly/, http://itunes.apple.com/us/podcast/pauldotcom-hack-naked-tv/id121896233
Praetorian Prefect – http://praetorianprefect.com/
Qaddisin Security Blog – http://blog.qaddisin.com/
Rational Survivability by Chris Hoff – http://www.rationalsurvivability.com/blog/
Ryan Pitylak’s Personal Blog – Current Events: http://ryanpitylak.blogspot.com/
SANS Audit Blog – http://it-audit.sans.org/blog
SANS ISC Stormcast (podcast) – http://isc.sans.org/podcast.html
SANS Internet Storm Center – http://isc.sans.org/
SecuriTeam Blogs: http://blogs.securiteam.com/
Security Week – http://www.securityweek.com/
SecBarbie by Erin Jacobs – http://www.secsocial.com/blog/
Security Catalyst podcast – http://www.securitycatalyst.com/blog/security-catalyst-podcast/
Security Incite by Mike Rothman – http://securityincite.com/blog/mike-rothman
Security Uncorked – http://securityuncorked.com/
Shell is only the Beginning: http://www.darkoperator.com/
Schneier On Security – Bruce Scheier’s blog: http://www.schneier.com/| Cryptogram newsletter archive: http://www.schneier.com/crypto-gram-back.html| Cryptogram security podcast: http://crypto-gram.libsyn.com/
Slight Paranoia – http://paranoia.dubfire.net/ – Analysis and opinion by Christopher Soghoian, security and privacy researcher.
SpyChips blog by Katherine Albrecht – http://www.spychips.com/blog/index.html
strawberryJAMM’s Security and User Experience WebLog – http://blogs.technet.com/strawberryjamm/default.aspx
SunbeltBLOG: http://sunbeltblog.blogspot.com/, http://www.sunbeltblog.blogspot.com/
TaoSecurity (by Richard Bejtlich) – http://taosecurity.blogspot.com/
The Security Blog (SIC!) – http://www.thesecurityblog.com/
ThreatPost – http://www.threatpost.com/
Troy Jessup’s Security Blog – http://www.ndnn.org/blog/
Troy Hunt’s blog – http://www.troyhunt.com/
- A brief Sony password analysis – http://www.troyhunt.com/2011/06/brief-sony-password-analysis.html
- The only secure password is the one you can’t remember – http://www.troyhunt.com/2011/03/only-secure-password-is-one-you-cant.html
- The 3 reasons you’re forced into creating weak passwords – http://www.troyhunt.com/2011/03/3-reasons-youre-forced-into-creating.html
- Bad passwords are not fun and good entropy is always important: demystifying security fallacies – http://www.troyhunt.com/2011/04/bad-passwords-are-not-fun-and-good.html
Uncommon Sense Security by Jack Daniel – http://blog.uncommonsensesecurity.com/
Unspecific – http://www.unspecific.com/
- Nmap tools – http://www.unspecific.com/nmap/
Usable Security – http://usablesecurity.com/
Wirewatcher – http://wirewatcher.wordpress.com/
Zero Day (by Ryan Naraine and Dancho Danchev) – http://www.zdnet.com/blog/security

—–
Similar collections (and partial sources) of links:

Security Blog Log – http://wikihead.wordpress.com/2010/02/20/security-blog-log/

Comments (2)

2010.01.28

Cisco “password 7″ decryption – Perl code

Filed under: infosec — Tags: cisco passwords, password 7, password cracking, Perl — sandokan65 @ 17:19

Source: somewhere from the web.

#!/usr/bin/perl -w
# $Id: ios7decrypt.pl,v 1.1 1998/01/11 21:31:12 mesrik Exp $
#
# Credits for orginal code and description hobbit@avian.org,
# SPHiXe, .mudge et al. and for John Bashinski 
# for Cisco IOS password encryption facts.
#
# Use for any malice or illegal purposes strictly prohibited!
#

@xlat = ( 0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f, 0x41,
          0x2c, 0x2e, 0x69, 0x79, 0x65, 0x77, 0x72, 0x6b, 0x6c,
          0x64, 0x4a, 0x4b, 0x44, 0x48, 0x53 , 0x55, 0x42 );

while () {
        if (/(password|md5)\s+7\s+([\da-f]+)/io) {
            if (!(length($2) & 1)) {
                $ep = $2; $dp = "";
                ($s, $e) = ($2 =~ /^(..)(.+)/o);
                for ($i = 0; $i < length($e); $i+=2) {
                    $dp .= sprintf "%c",hex(substr($e,$i,2))^$xlat[$s++];
                }
                s/7\s+$ep/$dp/;
            }
        }
        print;
}

Comments (1)

2010.01.07

Cisco “Password 7″ Cracker – javascript code

Filed under: crypto, infosec — Tags: cisco passwords, password 7, password cracking — sandokan65 @ 13:48

Source: http://www.ifm.net.nz/cookbooks/passwordcracker.html

<script language="JavaScript1.2" type="text/javascript">
<!--
// Is the character a digit?
function isDigit(theDigit) 
{ 
    var digitArray = new Array('0','1','2','3','4','5','6','7','8','9')

    for (j = 0; j < digitArray.length; j++)  {
        if (theDigit == digitArray[j]) 
            return true 
    } 
    return false 
} 


// Generate a config file ready for loading
function crackPassword(form)
{
    var crypttext=form.crypttext.value.toUpperCase()
    var plaintext=''
    var xlat="dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"
    var seed, i, val=0

    if(crypttext.length & 1)
        return

    seed = (crypttext.charCodeAt(0) - 0x30) * 10 + crypttext.charCodeAt(1) - 0x30

    if (seed > 15 || !isDigit(crypttext.charAt(0)) || !isDigit(crypttext.charAt(1)))
        return

        for (i = 2 ; i <= crypttext.length; i++) {
                if(i !=2 && !(i & 1)) {
                        plaintext+=String.fromCharCode(val ^ xlat.charCodeAt(seed++))
            seed%=xlat.length
                        val = 0;
                }

                val *= 16

        if(isDigit(crypttext.charAt(i))) {
            val += crypttext.charCodeAt(i) - 0x30
            continue
        }


        if(crypttext.charCodeAt(i) >= 0x41 && crypttext.charCodeAt(i) <= 0x46) {
            val += crypttext.charCodeAt(i) - 0x41 + 0x0a
            continue
        }

        if(crypttext.length != i)
            return
        }

    form.plaintext.value=plaintext
}

-->
</script>

<form name="never-you-mind" id="never-you-mind" action="#">
<table border="1">
  <tbody><tr><td>
<p>
Type 7 Password:
  <input name="crypttext" size="60" type="text">
</p>

<p>
  <input value="Crack Password" onclick="crackPassword(this.form)" type="button">
</p>
<p>Plain text:
  <input name="plaintext" size="40" type="text">
</p>
</td></tr></tbody></table>
</form>

2010.01.06

Passwords cracking

Filed under: infosec — Tags: Brutus, Cain and Abel, crackers, FSCrack, John the Ripper, L0phcrack, OphCrack, password 7, password cracking, pwdump, Rainbow Crack, WPACracker — sandokan65 @ 15:53

Offline crackers

Cain and Abel – http://www.oxid.it/cain.html
John the Ripper – http://www.openwall.com/john/
FSCrack – http://www.foundstone.com/us/resources/termsofuse.asp?file=fscrack.zip
Brutus – http://www.hoobie.net/brutus/
OphCrack – http://ophcrack.sourceforge.net/
- Description: http://lasecwww.epfl.ch/~oechslin/projects/ophcrack/
THC Hydra – http://freeworld.thc.org/thc-hydra/
RainbowCrack – http://project-rainbowcrack.com/
- Pre-computed tables can be bought here – http://project-rainbowcrack.com/buy.php
L0phtcrack – http://www.l0phtcrack.com/
Aircrack –
Airsnort –
SolarWinds –
Pwdump – Windows LM and NTLM password hashes dumper – http://en.wikipedia.org/wiki/Pwdump. Has numerous implementations:
http://samba.org/samba/ftp/pwdump/ |
http://www.securiteam.com/tools/5ZQ0G000FU.html |
pwdump6 – http://www.foofus.net/~fizzgig/pwdump/ |
fgdump – http://www.foofus.net/~fizzgig/fgdump/ |
pwdump7 – http://www.tarasco.org/security/pwdump_7/index.html
WPACracker – http://www.wpacracker.com/ [ONLINE CRACKER]

Online tools

Cisco Password Cracker (2007.06) – http://www.ifm.net.nz/cookbooks/passwordcracker.html
Microsoft’s online password strength checker – https://www.microsoft.com/protect/fraud/passwords/checker.aspx?WT.mc_id=Site_Link
Javascript Password Strength Meter – http://www.geekwisdom.com/dyn/passwdmeter. Local copy of code: http://eikonal.wordpress.com/2010/07/14/javascript-password-strength-meter/.

Articles

“Everyday Password Cracking” by Thorsten Fisher – http://www.irmplc.com/downloads/whitepapers/Everyday_Password_Cracking.pdf
Password Recovery Speeds – http://www.lockdown.co.uk/?pg=combi&s=articles
Rainbow Hash Cracking – http://www.codinghorror.com/blog/2007/09/rainbow-hash-cracking.html
What is Rainbow Crack and How to do it: The Time-Memory Tradeoff Hash Cracker : How to Crack Windows passwords – http://learnethicalhacking.wordpress.com/2010/02/04/learn-how-to-hack-facebook-passwords-and-accounts-using-phishing-attack-facebook-fake-page/
Cracking Windows Password Hashes – http://thehackingoftech.wordpress.com/2010/01/24/cracking-windows-password-hashes/
How to recover Windows XP passwords with PwDump and MdCrack – http://winguard.blogspot.com/2009/05/how-to-recover-windows-xp-passwords.html

Comments (1)

May 2012
M	T	W	T	F	S	S
« Apr
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30	31

2010.07.13

2010.06.17

2010.05.25

Places

Simple dictionary-based cracking

Articles

2010.05.21

2010.03.17

2010.01.28

2010.01.07

2010.01.06

Offline crackers

Online tools

Articles

Categories

Archives

Email Subscription

Recent Posts

art and fun

Blogroll

free thinkers

health

infosec & privacy

it

knowledge management

life

mathematics & physics & astro, oh my!

mind & brain

past

science

skils & hacks

society & technology

unix

Tags

Follow “Eikonal Blog”