Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Craking Serv-u passwords stored in .ini file.
From: "Altheide, Cory B. (IARC)" <AltheideC () nv doe gov>
Date: Thu, 2 Sep 2004 10:35:45 -0700

-----Original Message-----
From: Jérôme ATHIAS [mailto:jerome.athias () caramail com] 
Sent: Wednesday, September 01, 2004 12:11 PM
To: pen-test () securityfocus com
Subject: Re: Craking Serv-u passwords stored in .ini file.

i believe that is an md5 hash.  there is a free service for cracking 
md5 = hashes that uses tables at http://passcracking.com

peas audi

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I believe this url will only crack LM hashes of Windows 
passwords up to 14 characters using Rainbow Tables...

I think it's quite different from MD5...


That's odd, because right at the top of the page, it says "MD5 ONLINE
CRACKING."  Also, the title of the page is "MD5 CRACK." Furthermore, the
about section has clues like "This project is dedicated to crack md5 hashes
online through web interface" and "At the moment we can crack md5 hashes in
this character range: a-z;0-9 [8] which means we can break almost all hashes
(99.56%) which are created from lowercase plaintext with letters and/or
digits up to length of 8 characters."

In fact, Windows LM hashes aren't mentioned at all.

I'm fairly certain that this URL will only crack MD5 hashes* and won't do
much of anything useful with Lanman hashes.

Cory Altheide
Senior Network Forensics Specialist
NNSA Information Assurance Response Center (IARC)
altheidec () nv doe gov

*unsalted


------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]