Blog Posts Tagged with "Hashing"

71d85bb5d111973cb65dfee3d2a7e6c9

Refresher Series - Capturing and cracking SMB hashes with Cain and Half-LM rainbow tables.

December 20, 2012 Added by:f8lerror

On to the fun stuff, to capture a hash we want to use the Metasploit capture SMB auxiliary module, which is located in auxiliary/server/capture/smb. Leave the default settings with the exception of the CAINPWFILE. Set this to output the file where ever you like...

Comments  (0)

Bd07d58f0d31d48d3764821d109bf165

When Log Files Attack: IEEE Data Leak

September 28, 2012 Added by:Tripwire Inc

The fact that usernames and passwords were being logged to a plaintext file itself is problematic, even if the passwords are being hashed when stored in a database, if such data is logged in plain text it defeats the entire purpose...

Comments  (0)

D8853ae281be8cfdfa18ab73608e8c3f

Cross-Protocol Chained Pass the Hash for Metasploit

August 29, 2012 Added by:Rob Fuller

Every so often someone writes a Metasploit Module that is pretty epic. July 12th was one such day, and as soon as you do you can start using this (using the example resource file to put a file, cat it out, enum shares available, list files on a share) then psexec all from a single URL being loaded...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Yahoo!'s No Encryption Trumps LinkedIn's Unsalted Hash

July 12, 2012 Added by:Headlines

Just a month after LinkedIn experienced a significant security breach and caught flack for not "salting their hash", the revelation that the Yahoo! credentials were not even stored in an encrypted format should have everyone concerned about how seriously companies are taking the security of their users...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Credential Management

June 13, 2012 Added by:Infosec Island Admin

Credential caching should be disabled on all machines. A common technique employed by attackers is referred to as “pass the hash.” The pass the hash technique uses cached password hashes extracted from a compromised machine to gain access to additional machines on the domain...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ZOMG: LinkedIn was Hacked and our Passwords Were Leaked

June 10, 2012 Added by:Infosec Island Admin

LinkedIn and other companies like Sony have shown time and again, they DON’T CARE about YOUR data. Always remember this people. So, you want an account on these places, then you best make a throw away password and limit your data on the sites that host it. Otherwise, your data will be up for the taking...

Comments  (1)

94c7ac665bbf77879483b04272744424

LinkedIn Fails Security Due Diligence

June 07, 2012 Added by:Marc Quibell

Poor security practices led to the password database ending up in Russia. We can also say that the best security practices were not applied to the security of our passwords: LinkedIn did not "salt their hash" and therefore the passwords were much more vulnerable to simple brute force attacks...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

LinkedIn Hacked: Change Your Password

June 06, 2012 Added by:Headlines

Reports indicate that as many as 6.4 million passwords have been compromised. Though the passwords are in encrypted form, reports indicate that they are being cracked at a rapid rate, with somewhere near 300,000 passwords already revealed, putting those LinkedIn members' accounts at risk...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Recovering Windows Passwords Remotely in Plain Text

April 26, 2012 Added by:Dan Dieterle

There has been a lot of buzz across the web the last few months about a program called “Mimikatz”. It is an interesting program that allows you to recover Windows passwords from a system in clear text. The passwords for anyone who has logged into a machine can be displayed...

Comments  (0)

99edc1997453f90eb5ac1430fd9a7c61

CISSP Reloaded Domain 4: Cryptography

March 28, 2012 Added by:Javvad Malik

Cryptography, the dark art of information security. The deus-ex-machina, the silver bullet, the be all and end all of all security measures, so profound cryptography was first classed as a munitions. Widely misunderstood, often poorly implemented...

Comments  (1)

B64e021126c832bb29ec9fa988155eaf

LM Hash Flaw: Windows Passwords Easy to Crack

March 01, 2012 Added by:Dan Dieterle

The thing is that the lower security hashes are not present on the SAM stored on the hard drive. When the security accounts are loaded into active RAM, Windows re-creates the LM hashes. The LM Hash can be pulled from active RAM using the Windows Credential Editor (WCE)...

Comments  (0)

959779642e6e758563e80b5d83150a9f

Encryption: A Buzzword, Not a Silver Bullet

February 16, 2012 Added by:Danny Lieberman

Encryption, buzzword, not a silver bullet for protecting data on your servers. In order to determine how encryption fits into server data protection, consider four encryption components on the server side: passwords, tables, partitions and inter-tier socket communications...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

Encryption: On Hashing Basics

February 08, 2012 Added by:PCI Guru

Never store the obscured value along with the truncated value. Always separate the two values and also implement security on the obscured value so that people cannot readily get the obscured value and the truncated value together without oversight and management approval...

Comments  (0)