Eikonal Blog

2010.07.13

Stages of checking password crackability

  1. Check if the password is empty.
  2. Check if the password is equal to the username.
  3. For system- or application-provided accounts, use Google to find the default passwords supplied by the manufacturers, and test them against those accounts on your system(s).
  4. Check if the password is in the custom-assembled corporate dictionary.
  5. Check if the password is in the selected language's dictionary (see: https://eikonal.wordpress.com/2010/03/29/default-passwords/).
  6. Check if the password is a dictionary word plus one digit.
  7. Check if the password is a leetspeak ("311t") variant of a dictionary word.
  8. Check if the password is a concatenation of multiple words.
  9. Check the hash against a database of precomputed password hashes.
  10. Desperate measure: brute-force cracking.
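As an added example (not part of the original post), a small Python policy checker that applies the offline stages of the list above (1, 2 and 4 to 8) to a candidate password and reports the first stage that would expose it. The word lists are constructed samples; a real check would load the corporate list and a full language dictionary from files.

```python
# Constructed sample word lists; in practice load the corporate list (company,
# product and site names) and a full language dictionary from files.
CORPORATE_WORDS = {"acme", "acmecorp", "widgetsales", "denver2010"}
LANGUAGE_WORDS = {"password", "summer", "dragon", "monkey", "letmein", "welcome"}
ALL_WORDS = CORPORATE_WORDS | LANGUAGE_WORDS
# Common leetspeak substitutions, mapped back to the letters they stand for.
LEET_MAP = str.maketrans("013457@$!", "oleastasi")


def unleet(word: str) -> str:
    """Undo leetspeak: 'p4$$w0rd' -> 'password'."""
    return word.translate(LEET_MAP)


def is_concatenation(s: str, words: set) -> bool:
    """True if s splits into two or more dictionary words (prefix DP)."""
    best = [0] + [-1] * len(s)          # best[i]: most words covering s[:i]
    for i in range(1, len(s) + 1):
        for j in range(i):
            if best[j] >= 0 and s[j:i] in words:
                best[i] = max(best[i], best[j] + 1)
    return best[len(s)] >= 2


def weakness_stage(password: str, username: str) -> int:
    """Return the first stage of the list above that exposes the password,
    or 0 if none of the offline checks hit. Stages 3 (vendor defaults),
    9 (precomputed hashes) and 10 (brute force) need external data or
    tooling and are not modelled here."""
    p = password.lower()
    if not p:
        return 1                                        # empty
    if p == username.lower():
        return 2                                        # equals username
    if p in CORPORATE_WORDS:
        return 4                                        # corporate dictionary
    if p in LANGUAGE_WORDS:
        return 5                                        # language dictionary
    if p[-1].isdigit() and p[:-1] in LANGUAGE_WORDS:
        return 6                                        # word + one digit
    if unleet(p) in ALL_WORDS:
        return 7                                        # leetspeak variant
    if is_concatenation(p, ALL_WORDS):
        return 8                                        # word1word2...
    return 0
```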

2010.06.17

Cracking Kerberos passwords

Filed under: infosec — sandokan65 @ 08:42

The only tool I know of in this niche is ntsecurity’s KerbCrack/KerbSniff (http://ntsecurity.nu/toolbox/kerbcrack/).

Usage:

kerbcrack.exe kerbcap.snf -b1 9

2010.05.25

John the Ripper

Filed under: infosec — sandokan65 @ 15:16

Simple dictionary-based cracking

For Linux systems, the hashed passwords are stored in the /etc/shadow file. To use John the Ripper, one needs both that file and /etc/passwd.

  • Unshadowing (merging the two files into one that John can read):
    ./unshadow.exe passwd.txt shadow.txt > passwd-unshadowed.txt
  • To run John against the unshadowed password file passwd-unshadowed.txt using the predefined word-list mywords.lst, run the
    following:
    ./john.exe --wordlist=mywords.lst passwd-unshadowed.txt
  • To see the cracked passwords run:
    ./john.exe --show passwd-unshadowed.txt
  • and to save that output to a file:
    ./john.exe --show passwd-unshadowed.txt > passwd-cracked.txt
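An added example, not code from the John the Ripper project: a Python version of the unshadow merge step run on constructed /etc/passwd and /etc/shadow samples (the alice hash is the openssl example from the "Passwords cracking" post on this blog), plus a helper that lists which accounts actually carry a hash and therefore belong in the audit.

```python
# Constructed sample files; field layouts follow passwd(5) and shadow(5).
# The alice hash is the openssl example from this blog ("pippo", salt QIGCa);
# the root hash is a constructed placeholder, not a real SHA-512 crypt value.
PASSWD = """root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc:x:999:999:service:/var/svc:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
guest:x:1001:1001:Guest:/home/guest:/bin/bash
"""
SHADOW = """root:$6$constructedsalt$constructedhashvalue:18000:0:99999:7:::
alice:$1$QIGCa$/ruJs8AvmrknzKTzM2TYE.:18000:0:99999:7:::
svc:!:18000:0:99999:7:::
nobody:*:18000:0:99999:7:::
"""


def unshadow(passwd_text: str, shadow_text: str) -> list:
    """Merge like unshadow(8): put each user's shadow hash into the second
    field of the passwd line. Users without a shadow entry keep their 'x'."""
    hashes = {}
    for line in shadow_text.splitlines():
        if line and not line.startswith("#"):
            name, hsh = line.split(":", 2)[:2]
            hashes[name] = hsh
    merged = []
    for line in passwd_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if fields[0] in hashes:
            fields[1] = hashes[fields[0]]
        merged.append(":".join(fields))
    return merged


def auditable_accounts(merged: list) -> list:
    """(user, hash) pairs that carry a real hash. A field of '!' or '*' is a
    locked/no-password account and 'x' means no shadow entry was found."""
    out = []
    for line in merged:
        user, field = line.split(":")[:2]
        if field and field[0] not in "!*x":
            out.append((user, field))
    return out
```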

Related here: Default passwords, wordlist and Rainbow tables – https://eikonal.wordpress.com/2010/03/29/default-passwords/ | Passwords cracking – https://eikonal.wordpress.com/2010/01/06/password-crackers/

2010.05.21

Cisco “password 7”

Filed under: crypto, infosec — sandokan65 @ 14:13

2010.03.17

Infosec blogs

2010.01.28

Cisco “password 7” decryption – Perl code

Filed under: infosec — sandokan65 @ 17:19

Source: somewhere from the web.

#!/usr/bin/perl -w
# $Id: ios7decrypt.pl,v 1.1 1998/01/11 21:31:12 mesrik Exp $
#
# Credits for original code and description hobbit@avian.org,
# SPHiXe, .mudge et al. and for John Bashinski 
# for Cisco IOS password encryption facts.
#
# Use for any malice or illegal purposes strictly prohibited!
#

# Translation table: the first 26 bytes of the IOS type 7 key stream.
# There is no wrap-around, so seed + password length must stay below 26.
@xlat = ( 0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f, 0x41,
          0x2c, 0x2e, 0x69, 0x79, 0x65, 0x77, 0x72, 0x6b, 0x6c,
          0x64, 0x4a, 0x4b, 0x44, 0x48, 0x53 , 0x55, 0x42 );

# Read the config from stdin or the files named on the command line;
# "password 7 <hex>" / "md5 7 <hex>" lines are rewritten with the
# recovered plain text, every other line is echoed unchanged.
while (<>) {
        if (/(password|md5)\s+7\s+([\da-f]+)/io) {
            if (!(length($2) & 1)) {               # hex part must have even length
                $ep = $2; $dp = "";
                ($s, $e) = ($2 =~ /^(..)(.+)/o);   # two-digit seed, then hex bytes
                for ($i = 0; $i < length($e); $i+=2) {
                    $dp .= sprintf "%c",hex(substr($e,$i,2))^$xlat[$s++];
                }
                s/7\s+$ep/$dp/;
            }
        }
        print;
}


Related: https://eikonal.wordpress.com/2010/05/21/cisco-%e2%80%9cpassword-7%e2%80%b3/

2010.01.07

Cisco “Password 7” Cracker – javascript code

Filed under: crypto, infosec — sandokan65 @ 13:48

Source: http://www.ifm.net.nz/cookbooks/passwordcracker.html

<script language="JavaScript1.2" type="text/javascript">
<!--
// Is the character a digit?
function isDigit(theDigit)
{
    var digitArray = new Array('0','1','2','3','4','5','6','7','8','9')
    var j

    for (j = 0; j < digitArray.length; j++) {
        if (theDigit == digitArray[j])
            return true
    }
    return false
}


// Decode the type 7 string typed into the form and fill in the plain text
function crackPassword(form)
{
    var crypttext=form.crypttext.value.toUpperCase()
    var plaintext=''
    var xlat="dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"
    var seed, i, val=0

    // two seed digits followed by hex byte pairs: total length must be even
    if(crypttext.length & 1)
        return

    // the first two characters are the decimal seed, the starting offset into xlat
    seed = (crypttext.charCodeAt(0) - 0x30) * 10 + crypttext.charCodeAt(1) - 0x30

    if (seed > 15 || !isDigit(crypttext.charAt(0)) || !isDigit(crypttext.charAt(1)))
        return

    for (i = 2 ; i <= crypttext.length; i++) {
        // at every even position past the seed (and at the end) a full byte
        // has been read: XOR it with the next xlat byte and append the result
        if(i !=2 && !(i & 1)) {
            plaintext+=String.fromCharCode(val ^ xlat.charCodeAt(seed++))
            seed%=xlat.length
            val = 0;
        }

        val *= 16

        if(isDigit(crypttext.charAt(i))) {
            val += crypttext.charCodeAt(i) - 0x30
            continue
        }

        if(crypttext.charCodeAt(i) >= 0x41 && crypttext.charCodeAt(i) <= 0x46) {
            val += crypttext.charCodeAt(i) - 0x41 + 0x0a
            continue
        }

        // anything other than a hex digit before the end of the string is an error
        if(crypttext.length != i)
            return
    }

    form.plaintext.value=plaintext
}

-->
</script>

<form name="never-you-mind" id="never-you-mind" action="#">
<table border="1">
  <tbody><tr><td>
<p>
Type 7 Password:
  <input name="crypttext" size="60" type="text">
</p>

<p>
  <input value="Crack Password" onclick="crackPassword(this.form)" type="button">
</p>
<p>Plain text:
  <input name="plaintext" size="40" type="text">
</p>
</td></tr></tbody></table>
</form>



Related: https://eikonal.wordpress.com/2010/05/21/cisco-%e2%80%9cpassword-7%e2%80%b3/
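An added example, not the Perl or JavaScript code reproduced in the two posts above: a Python encoder and decoder for the same scheme using the 53-byte table from the JavaScript version (the Perl table is its first 26 bytes), with the seed wrapping around the table so longer strings work, and an audit helper that finds every `password 7` line in a config so it can be replaced with a one-way `enable secret` style hash. The sample config is constructed.

```python
import re

# Key stream used by IOS type 7 (table taken from the JavaScript version above).
XLAT = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"
TYPE7_RE = re.compile(r"\b(?:password|md5)\s+7\s+([0-9A-Fa-f]+)")


def type7_decode(encoded: str) -> str:
    """'SSHH..': two-digit decimal seed, then one hex byte per character."""
    if len(encoded) < 4 or len(encoded) % 2 or not encoded[:2].isdigit():
        raise ValueError("malformed type 7 string")
    seed = int(encoded[:2])
    if seed > 15:
        raise ValueError("seed must be 00..15")
    data = bytes.fromhex(encoded[2:])
    plain = bytes(b ^ XLAT[(seed + i) % len(XLAT)] for i, b in enumerate(data))
    return plain.decode("latin-1")


def type7_encode(plain: str, seed: int = 0) -> str:
    """Inverse of type7_decode: the scheme is a reversible XOR, not a hash."""
    if not 0 <= seed <= 15:
        raise ValueError("seed must be 0..15")
    data = plain.encode("latin-1")
    body = bytes(b ^ XLAT[(seed + i) % len(XLAT)] for i, b in enumerate(data))
    return f"{seed:02d}{body.hex().upper()}"


# Constructed config fragment; the type 5 line is the md5crypt value from the
# "Passwords cracking" post on this blog and is correctly left alone.
SAMPLE_CONFIG = """!
enable password 7 0822455D0A16
username ops password 7 06150A225E4B1D
enable secret 5 $1$QIGCa$/ruJs8AvmrknzKTzM2TYE.
line vty 0 4
 login local
"""


def audit_type7(config: str) -> list:
    """(line number, line, recovered text) for every type 7 credential, so an
    admin can see which lines still rely on reversible obfuscation."""
    hits = []
    for n, line in enumerate(config.splitlines(), 1):
        m = TYPE7_RE.search(line)
        if m:
            hits.append((n, line.strip(), type7_decode(m.group(1))))
    return hits
```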

2010.01.06

Passwords cracking

Generating password hashes

  • Generating unix-style MD5 password hashes:
    • openssl passwd -1 -salt QIGCa pippo
    • produces: $1$QIGCa$/ruJs8AvmrknzKTzM2TYE.
  • Generating a password hash with the system's native crypt() function:
    • perl -e 'print crypt("pippo", "\$1\$QIGCa"),"\n"'
    • produces: $1Su6NR9CFU/6

Related here: Default passwords, wordlist and Rainbow tables – https://eikonal.wordpress.com/2010/03/29/default-passwords/ | John The Ripper – https://eikonal.wordpress.com/2010/05/25/john-the-ripper/
