Blog Posts Tagged with "cracking"
December 20, 2012 Added by:f8lerror
On to the fun stuff, to capture a hash we want to use the Metasploit capture SMB auxiliary module, which is located in auxiliary/server/capture/smb. Leave the default settings with the exception of the CAINPWFILE. Set this to output the file where ever you like...
November 25, 2012 Added by:Robert Siciliano
Simple passwords: When 32 million passwords were exposed in a breach last year, almost 1% of victims were using 123456. The next most popular password was 12345. Other common choices are 111111, princess, qwerty, and abc123. Avoid these types of passwords, which are easily guessed...
September 18, 2012 Added by:Dan Dieterle
Looks like Windows 8 is capped at a 16 character limit for compatibility with existing Microsoft Accounts. With the decrease of the character set, by limiting special characters for compatibility with Microsoft’s other services, the passwords are less secure than before...
September 06, 2012 Added by:Dan Dieterle
A recently released article explains in detail how to crack MS-CHAPv2 communication used in many PPTP based VPNs with a 100% success rate. But that is not all, the protocol is also used in WPA2 enterprise environments for connecting to Radius authentication servers. Ouch...
August 20, 2012 Added by:Dan Dieterle
Because we had a root shell, we were able to grab the Linux password hashes from the system by simply copying them and pasting them on our local machine. We were then able to use John the Ripper to crack them. We now have passwords to play with...
August 07, 2012 Added by:Dan Dieterle
So what does it take to reach cracking speeds topping 154 Billion hashes per second with multiple hashes? The tool was created to help out pentesters who need to crack passwords, but can not submit hashes obtained to online cracking programs due to auditing agreement restrictions...
July 02, 2012 Added by:f8lerror
June 12, 2012 Added by:Jayson Wylie
The best password is the one that only you know. Even better one is one that nobody else can find out. Crackers are getting away from massive rainbow tables and moving on to graphics processors for quick password compromise. It is possible to categorize your passwords to define the sensitivity of their purpose....
June 08, 2012 Added by:Brent Huston
The time it takes to crack a password is the only true measure of its worth. Morris has created a tool for administrators that allows them to configure a password policy based on the time to crack, the possible technology that an attacker might be using, and the password protection technology in use...
June 06, 2012 Added by:Headlines
Reports indicate that as many as 6.4 million passwords have been compromised. Though the passwords are in encrypted form, reports indicate that they are being cracked at a rapid rate, with somewhere near 300,000 passwords already revealed, putting those LinkedIn members' accounts at risk...
March 01, 2012 Added by:Dan Dieterle
The thing is that the lower security hashes are not present on the SAM stored on the hard drive. When the security accounts are loaded into active RAM, Windows re-creates the LM hashes. The LM Hash can be pulled from active RAM using the Windows Credential Editor (WCE)...
February 17, 2012 Added by:Jake Garlie
Most modern productivity software will automatically insert this information into documents for benefits such as collaboration. However, if not removed before being published to a website, metadata can put an organization at risk...
February 15, 2012 Added by:Headlines
A brute force password cracking tool has been released that targets the weak authentication vulnerability in the Koyo ECOM100 Ethernet Module. This tool may greatly reduce the time and skill level required to attack a vulnerable system...
January 14, 2012 Added by:Rob Fuller
Pentest Monkey is a great resource for a lot of things. You can take this a step further and create a hash mangler script that takes a clean hash and adds the few prefixes and suffixes that are common on Pentest Monkey's list to get the most odds at John picking it up...
January 02, 2012 Added by:Dan Dieterle
Hashcat is a multi-threaded cracker, so if your CPU can run several threads, it will use them. But the real speed comes into play when using the horsepower of a GPU. If your GPU can run hundreds of threads, all of this power is used to break passwords...
December 05, 2011 Added by:Headlines
"A rainbow table is a list of pre-computed hashes - the numerical value of an encrypted password, used by most systems today - and that’s the hashes of all possible password combinations for any given hashing algorithm mind..."
Mobile Security Processes Could Be Applied t... Johnnie Nix on 05-21-2013
ATM Security (And Really Learning from the P... Johnnie Nix on 05-21-2013
New Study Published on Mobile Malware... Caitlin Rachel on 05-21-2013