Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

pen-test logo Penetration Testing mailing list archives

/_vti_pvt/users.pwd question
From: "Robert Bruce" <robert.bruce () anwarcapital com>
Date: Thu, 6 Nov 2003 22:36:11 -0000
Hi all 

Whilst doing an internal penetration test on our private network, I
picked up the below web file:

+ /_vti_pvt/users.pwd - these contain passwords encrypted with unix
crypt() (GET)

Upon looking in the file I get this value:

QSI8R7k5dLPOE

I put this into a passwd file and ran it against John the Ripper which
detected it as DES encrypted text. I ran DES running for over a week but
it was not able to crack this value?

Any ideas..I am doing something wrong, (PS. I ran it on a 4 CPU powerful
Compaq server).

Cheers
Robert Bruce ESA
Anwar Capital



---------------------------------------------------------------------------
Network with over 10,000 of the brightest minds in information security
at the largest, most highly-anticipated industry event of the year.
Don't miss RSA Conference 2004! Choose from over 200 class sessions and
see demos from more than 250 industry vendors. If your job touches
security, you need to be here. Learn more or register at
http://www.securityfocus.com/sponsor/RSA_pen-test_031023
and use priority code SF4.
----------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]