Blog Posts Tagged with "Hashes"

B64e021126c832bb29ec9fa988155eaf

Crazy Fast Password Recovery with Hashcat

January 02, 2012 Added by:Dan Dieterle

Hashcat is a multi-threaded cracker, so if your CPU can run several threads, it will use them. But the real speed comes into play when using the horsepower of a GPU. If your GPU can run hundreds of threads, all of this power is used to break passwords...

Comments  (1)

B64e021126c832bb29ec9fa988155eaf

Memory Forensics: How to Pull Passwords from a Memory Dump

November 13, 2011 Added by:Dan Dieterle

We now have a list of where several key items are located in the memory dump. Next, we will extract the password hashes from the memory dump. To do this we need to know the starting memory locations for the system and same keys...

Comments  (0)

D8853ae281be8cfdfa18ab73608e8c3f

Railgun Error Checking

August 30, 2011 Added by:Rob Fuller

One important thing to note about Railgun is that you are querying the API, and just as if you were using C++, the API you are calling just might not be there on the system. So here is a quick trick to find out if a the function (API) that you are trying to call is available to you...

Comments  (0)

Ec9b0ab31140696dd578b354b1054635

Password Hash: It's Okay to Inhale...

July 18, 2011 Added by:Vulcan Mindm3ld

The recent IRC Federal and HBGary SQL injection vulnerabilities allowed attackers access to a username/password table stored in the database. IRC Federal's “experts” simply stored unencrypted passwords while HBGary's “expert” third-party developers implemented unsalted, non-iterated MD5...

Comments  (4)

8c4834b99847b9f7c9ee94b45df086f9

Sony Breach Highlights Secure Password Storage

June 08, 2011 Added by:Emmett Jorgensen

Secure password storage is crucial to any secure system. From sites such as Sony to operating systems and data backups on encrypted hard drives, if the password is in plain text your account and data is not safe. After all, why try to guess a password if you can just copy and paste it?

Comments  (0)

69dafe8b58066478aea48f3d0f384820

New John the Ripper Password Cracker Release

June 06, 2011 Added by:Headlines

A new version of John The Ripper, a free password cracking software tool, has been released. It is one of the most popular password testing/breaking programs as it combines a number of password crackers into one package, autodetects hash types, and includes a customizable cracker...

Comments  (0)

D8853ae281be8cfdfa18ab73608e8c3f

Dumping Hashes on Win2k8 R2 x64 with Metasploit

June 01, 2011 Added by:Rob Fuller

When trying to dump password hashes on a Windows 2008 R2 64 bit box I constantly run into the "The parameter is incorrect" error in Meterpreter. Well, with a bit of migration you'll be back to passing the hash. Here is how, with a bit of the thought process first...

Comments  (0)

Cb7f24bc3f25d24cc77090478a2f30b5

How LastPass Protected Passwords and What Changed

May 05, 2011 Added by:Eric Irvin

New passwords will now be hashed using PBKDF2 with SHA-256 hashing, a 256-bit salt, and 100,000 rounds of pseudo-randomization and salting. In comparison, BlackBerry uses 1 round and the Apple iOS4 uses 10,000 rounds. With this implementation, password cracking becomes extremely difficult...

Comments  (0)

39b6d5c1d3c6db11155b975f1b08059f

Phase II: Implementing File Integrity Management (FIM)

March 23, 2011 Added by:Ron Lepofsky

File scans are stored as a hashed value, a one way encryption technique that is used for verifying other data too important to be stored in the clear. The hash value of a rescanned file is compared with the hash value of the initial scan and if a difference appears, then a change was made...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

NTLM Passwords: Can’t Crack it? Just Pass it!

November 01, 2010 Added by:Dan Dieterle

Windows systems usually store the NTLM hash right along with LM hash, so how much longer would it take to access the user account if only the NTLM hash was available?. If certain circumstances are met and a certain technique is used, it could take the same amount of time, or even less...

Comments  (4)

B64e021126c832bb29ec9fa988155eaf

Cracking 14 Character Complex Passwords in 5 Seconds

October 21, 2010 Added by:Dan Dieterle

A Swiss security company called Objectif Sécurité has created a cracking technology that uses rainbow tables on SSD drives. Apparently it is the hard drive access time and not the processor speed that slows down cracking. Using SSD drives can make cracking faster, but just how fast?

Comments  (23)