Blog Posts Tagged with "cracking"
Refresher Series - Capturing and cracking SMB hashes with Cain and Half-LM rainbow tables.
December 20, 2012 Added by:f8lerror
On to the fun stuff, to capture a hash we want to use the Metasploit capture SMB auxiliary module, which is located in auxiliary/server/capture/smb. Leave the default settings with the exception of the CAINPWFILE. Set this to output the file where ever you like...
Comments (0)
What Makes My Passwords Vulnerable?
November 25, 2012 Added by:Robert Siciliano
Simple passwords: When 32 million passwords were exposed in a breach last year, almost 1% of victims were using 123456. The next most popular password was 12345. Other common choices are 111111, princess, qwerty, and abc123. Avoid these types of passwords, which are easily guessed...
Comments (0)
Microsoft Forcing Users to Use Less Secure Passwords
September 18, 2012 Added by:Dan Dieterle
Looks like Windows 8 is capped at a 16 character limit for compatibility with existing Microsoft Accounts. With the decrease of the character set, by limiting special characters for compatibility with Microsoft’s other services, the passwords are less secure than before...
Comments (2)
Chapcrack and CloudCracker Unlock MS-CHAPv2-Based VPN Traffic
September 06, 2012 Added by:Dan Dieterle
A recently released article explains in detail how to crack MS-CHAPv2 communication used in many PPTP based VPNs with a 100% success rate. But that is not all, the protocol is also used in WPA2 enterprise environments for connecting to Radius authentication servers. Ouch...
Comments (0)
Metasploitable 2.0 pt 4: Cracking Linux Passwords and Pentesting with Grep
August 20, 2012 Added by:Dan Dieterle
Because we had a root shell, we were able to grab the Linux password hashes from the system by simply copying them and pasting them on our local machine. We were then able to use John the Ripper to crack them. We now have passwords to play with...
Comments (0)
Billions of Hashes per Second with Multiforcer Password Cracker
August 07, 2012 Added by:Dan Dieterle
So what does it take to reach cracking speeds topping 154 Billion hashes per second with multiple hashes? The tool was created to help out pentesters who need to crack passwords, but can not submit hashes obtained to online cracking programs due to auditing agreement restrictions...
Comments (0)
How Fast Can Your Password Be Cracked? Instantly...
July 02, 2012 Added by:f8lerror
Instantly with a JavaScript keylogger. In this brief tutorial, we show you how we can use the Metasploit JavaScript Keylogger auxiliary module in a penetration testing phishing campaign or user awareness training. This is intended for informational and/or educational purposes only...
Comments (0)
Password Protection Pointers
June 12, 2012 Added by:Jayson Wylie
The best password is the one that only you know. Even better one is one that nobody else can find out. Crackers are getting away from massive rainbow tables and moving on to graphics processors for quick password compromise. It is possible to categorize your passwords to define the sensitivity of their purpose....
Comments (0)
Hooray! An Open-Source Password Analyzer Tool...
June 08, 2012 Added by:Brent Huston
The time it takes to crack a password is the only true measure of its worth. Morris has created a tool for administrators that allows them to configure a password policy based on the time to crack, the possible technology that an attacker might be using, and the password protection technology in use...
Comments (0)
LinkedIn Hacked: Change Your Password
June 06, 2012 Added by:Headlines
Reports indicate that as many as 6.4 million passwords have been compromised. Though the passwords are in encrypted form, reports indicate that they are being cracked at a rapid rate, with somewhere near 300,000 passwords already revealed, putting those LinkedIn members' accounts at risk...
Comments (0)
LM Hash Flaw: Windows Passwords Easy to Crack
March 01, 2012 Added by:Dan Dieterle
The thing is that the lower security hashes are not present on the SAM stored on the hard drive. When the security accounts are loaded into active RAM, Windows re-creates the LM hashes. The LM Hash can be pulled from active RAM using the Windows Credential Editor (WCE)...
Comments (0)
Metadata: A Pentester’s Best Friend
February 17, 2012 Added by:Jake Garlie
Most modern productivity software will automatically insert this information into documents for benefits such as collaboration. However, if not removed before being published to a website, metadata can put an organization at risk...
Comments (0)
ICS-CERT: Koyo Ecom100 Brute Force Cracking Tool
February 15, 2012 Added by:Headlines
A brute force password cracking tool has been released that targets the weak authentication vulnerability in the Koyo ECOM100 Ethernet Module. This tool may greatly reduce the time and skill level required to attack a vulnerable system...
Comments (0)
Hash Types for John the Ripper
January 14, 2012 Added by:Rob Fuller
Pentest Monkey is a great resource for a lot of things. You can take this a step further and create a hash mangler script that takes a clean hash and adds the few prefixes and suffixes that are common on Pentest Monkey's list to get the most odds at John picking it up...
Comments (0)
Crazy Fast Password Recovery with Hashcat
January 02, 2012 Added by:Dan Dieterle
Hashcat is a multi-threaded cracker, so if your CPU can run several threads, it will use them. But the real speed comes into play when using the horsepower of a GPU. If your GPU can run hundreds of threads, all of this power is used to break passwords...
Comments (1)
Top Ten Password Cracking Methods
December 05, 2011 Added by:Headlines
"A rainbow table is a list of pre-computed hashes - the numerical value of an encrypted password, used by most systems today - and that’s the hashes of all possible password combinations for any given hashing algorithm mind..."
Comments (2)
- The Danger of Mixing Cyber Espionage with Cyber Warfare
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform