Web-based NT & Win2k password cracker !

[Kelvin@Sec33]

Thought I would take a sec and drop a note here.

My buddy Morlock just finished up something that ya'll might be really interested in.

An NT and Win2k password cracking app that is 1,000's faster than l0phtcrack.

There will be a press-release sometime today (Monday), if not then definately Tuesday. The technology behind this is quite amazing and is something that he has been working on for quite a while. The concept / technology is quite dynamic and we can port it to almost all encryption / hash technology.

Preliminary testing shows that it retrieves over 1,000 passwords in less than 30 seconds.. That doesn't mean that it ONLY checks for 1,000 passwords... That means it actually is RETRIEVING over 1,000 passwords in under 30 seconds... Some modifications over the next week should decrease this time by 30%.

There is nothing like it. - A little Wizardy is what Morlock calls it. ;-)

You can check it out here. www.sec33.com/modules.php?name=IPC

Take a look and let us know how it works out for ya.

Kelvin:// - kelvin@sec33.com

[Terr]

1000 times faster than l0phtcrack? Erm..... On equivalent equipment?
On what hardware is this running? Is this seemingly-too-good-to-be-true process based on software or hardware? It just seems a bit grandiose to be real.

[Kelvin@Sec33]

Hardware is standard. The technology IS software based and that is about the extent that Morlock wants me to say (It's his baby).

Optimization is definately a factor here. And believe it or not, it is just blistering fast.

Kelvin:// - If you happen to have 1,000 lines of MS hashes, or as many as you can throw together. Give it a shot.

We have limited the capabilities of the application for security reasons... We want to demonstrate the lack of time for brute-force now, not to destroy passwords that were intended to be strong. We will be thinking of a way to release the app to its full extent soon.

Kelvin://

[s0nIc]

hmm.. i would rather think if this app shouldnt go out in the open.. i mean.. if it is what u said it is.. then its a big security risk..

i'd say, make the access of this app "exclusive"...

[avenger_jcc]

Seems like a anti-security program to me... Only real good place I can think of here is a admin locked him/herself out... otherwise... those with legitimate need to access the account know the password or can get it reset by the admin......
Just a thought.

Avenger

[knightmb]

Originally posted here by Kelvin@Sec33
Thought I would take a sec and drop a note here.

My buddy Morlock just finished up something that ya'll might be really interested in.

An NT and Win2k password cracking app that is 1,000's faster than l0phtcrack.

There will be a press-release sometime today (Monday), if not then definately Tuesday. The technology behind this is quite amazing and is something that he has been working on for quite a while. The concept / technology is quite dynamic and we can port it to almost all encryption / hash technology.

Preliminary testing shows that it retrieves over 1,000 passwords in less than 30 seconds.. That doesn't mean that it ONLY checks for 1,000 passwords... That means it actually is RETRIEVING over 1,000 passwords in under 30 seconds... Some modifications over the next week should decrease this time by 30%.

There is nothing like it. - A little Wizardy is what Morlock calls it. ;-)

You can check it out here. www.sec33.com/modules.php?name=IPC

Take a look and let us know how it works out for ya.

Kelvin:// - kelvin@sec33.com

Yes, we are quite aware that someone has leaked the algorithm used by Microsoft to encrypt their password, so it would seem pretty fast to crack them when you know how they were made in the first place

[ac1dsp3ctrum]

This program IS a serious security risk...... Ill post more on what I mean later, but for now... I must go

[ebangor]

I have a W2k professional problem, I have locked myself out and I do not know the password. Is there anything I could do go get into my system without losing anything. I am not sure if it was configured with NTFS or FAT32 and it is not encrypted. I am getting desperate and I need some help. I was not able to get into the system with W98 disk. So I am assuming that it is NTFS. What would be my next step. Thank you.

[knightmb]

Originally posted here by ebangor
I have a W2k professional problem, I have locked myself out and I do not know the password. Is there anything I could do go get into my system without losing anything. I am not sure if it was configured with NTFS or FAT32 and it is not encrypted. I am getting desperate and I need some help. Thank you.

Find out what file system is being used first.
Try a windows98 boot disk, if you can access the drive in dos then it's FAT16 or FAT32, if it's NTFS you will need to use the recovery console that comes with windows 2k.
I'll explain more later when you find out what file system is in use.

[souleman]

The more I think about this program, the more it scares me. I mean, it isn't anything for a website to check your ip address. Ok, so I go to the website, and give it my NT server password hash files...Hummm. Now, the site has not only my IP address, but also my account names, and many of the passwords. This just really seams kinda crazy to me. I am not saying that sec33 is going to be trying anything like this, because they are to well known, but it just seems kinda sketchy to me....