Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Craking Serv-u passwords stored in .ini file.
From: Nigel Stepp <stepp () atistar net>
Date: Fri, 03 Sep 2004 09:29:45 -0400

Altheide, Cory B. (IARC) wrote:

-----Original Message-----
From: Scovetta, Michael V [mailto:Michael.Scovetta () ca com] Sent: Thursday, September 02, 2004 1:23 PM To: Altheide, Cory B. (IARC); Jérôme ATHIAS; pen-test () securityfocus com
Subject: RE: Craking Serv-u passwords stored in .ini file.


I realize this is pedantic, but there's a fundamental difference between "cracking" MD5 and looking up pre-computed values.
[ snip ]
The only real difference is by using precomputed tables you're front-loading
your work and only doing computations that would normally be needlessly
repetitive once.  Otherwise the "cracking," as it were, is the basically
same.

I think the point in question is that you are not cracking *MD5*. That would entail finding a weakness in the MD5 algorithm that allowed you to reverse the hash, or more easily find what created the hash you are looking at.

Using rainbow tables and such is just brute force, and doesn't have a lot to do with the specific hashing algorithm.


-- Cory


------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------




--
:wq

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault