Suggestions for a PW cracking toolkit

  1. #1
    zencoder
    AO Senior Cow-beller
    Moderator
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177


    We have an opportunity to do some on-site password integrity testing for a few days at a medium sized client site. The service group who normally does this thinks it is too small of a job to bother with, so we're handling it through a consulting contract.

    So, we don't have any licensed software or anything yet to work with. Just a laptop and access. What are your suggestions for tools to go about this?

    I am planning on a dual boot system so we can run tools under both Windows and *NIX. The bulk of the testing will be 500+ Active Directory accounts, but we'll have a handful of /etc/passwd and /etc/shadow files, plus some accounts from routers and other devices on the network.

    What would *your* wishlist be, and why?
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  2. #2
    Banned
    Join Date
    Aug 2004
    Posts
    534
    pwdump (latest version) & johnTR would be obvious choices

    as far as software goes I had some experience w/ SAMInside

    http://www.insidepro.com/eng/saminside.shtml

    It was in a fashion design company (about 100 accounts) and SI found pwd's faster than pwdump. I don't remember if I did dictionary or brute, though.

    But since you say "wishlist" ... a nice dual Opteron/Xeon w/ 4gigs of ram would be nice.

  3. #3
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    I'd put ophcrack with the bigger of the tables on the list -- http://ophcrack.sourceforge.net/

    I'd also include rainbow crack -- http://www.antsight.com/zsl/rainbowcrack/... Solely because the only other software that I know for sure works with the Shmoo Rainbow Tables is LC5 and it's pay software.... I'm not sure if ophcrack will use the Shmoo tables or not, you may have to "binarize" them first with the software from ophcrack 1 (link on the ophcrack 2 page) and speaking of the Shmoo Rainbow Tables, they're nice to have -- http://rainbowtables.shmoo.com/

    Since it's an AD implementation, if you can get access to any of their workstations, it might be fun to bring Cachedump -- http://www.cr0.net:8040/misc/cachedump.html -- and the patched version of JtR with you.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  4. #4
    NeuTron
    AO Veteran
    Join Date
    Apr 2003
    Posts
    550
    If I were you, I would boot up the machines that are already onsite with a live linux cluster distro and attack the password list with cisillia. ClusterKnoppix or the new version of CHAOS would do the trick.
    Tutorial Here

    -NeuTron

  5. #5
    IKnowNot
    Senior Member
    Join Date
    Jan 2003
    Posts
    792
    ... service group who normally does this thinks it is too small of a job to bother with, so we're handling it through a consulting contract.
    Why does this sound so scary, yet so plausible?

    The bulk of the testing will be 500+ Active Directory accounts, but we'll have a handful of /etc/passwd and /etc/shadow files, plus some accounts from routers and other devices on the network.
    I am no password security guru, nor Active Directory, but I have a few questions here.

    Were you informed of the current password policies and checking procedures?

    If so, how are they implemented?

    At work ( again, at work I am a user and not in IT ) I have numerous passwords. Some are required to be changed every 30 days, some every 3 months, some never. Some can not contain any form of a previous password used within the last year, some don't care.

    How is this relevant to the thread? Before you can begin to assess the password integrity of the site, you must first know the current policies and integrity checking that is in place. No sense in checking passwords with johnTR if those passwords are already checked using it ( unless there is some cause to believe the server doing the checks has been hacked. )

    FWIW, why have a password to a system that requires complex, 12+ digit passwords to a system that is accessed by a system with little or no security to it? What I mean here is, why insist on a complex password for a system, from a system that is easily hacked? If someone can hack one system ( like those connected to the Internet, or through the Internet) can they not then introduce a key logger and then obtain logon and password combinations ?

    Just thoughts, which are known but I believe are sometimes overlooked.
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes
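    A policy-side check in the spirit of the questions above: before any cracking run, the handful of /etc/shadow files can be screened for accounts that already fail the site's stated policy (empty password, legacy hash scheme, no maximum age). This is an added example, not code from the thread; the shadow lines and the 90-day rotation policy are constructed.

```python
import re

# Constructed sample /etc/shadow entries (not real accounts). Fields:
# name:hash:lastchg:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW = """\
root:$6$saltsalt$abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcd:19000:0:90:7:::
legacy:AbCdEfGhIjKlM:18000:0:99999:7:::
svc-backup::19000:0:90:7:::
olduser:$1$salt$qwertyuiopasdfghjklzxc:19000:0:90:7:::
locked:!:19000:0:90:7:::
"""

POLICY_MAX_DAYS = 90  # assumed site rotation requirement (constructed)

# Hash schemes the site should have migrated away from (assumption).
WEAK = {"descrypt", "md5crypt"}

def hash_family(field):
    """Classify the crypt(3) hash field by its $id$ prefix."""
    if field == "":
        return "empty"                 # no password at all
    if field.startswith(("!", "*")):
        return "locked"                # account locked / no login
    m = re.match(r"^\$([^$]+)\$", field)
    if not m:
        return "descrypt"              # 13-char traditional DES crypt, no prefix
    return {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "5": "sha256crypt",
            "6": "sha512crypt", "7": "scrypt", "y": "yescrypt"}.get(
        m.group(1), "unknown:" + m.group(1))

def audit_shadow(text, max_days=POLICY_MAX_DAYS):
    """Return (account, finding) pairs for entries that violate the policy."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        f = line.split(":")
        name, fam = f[0], hash_family(f[1])
        if fam == "empty":
            findings.append((name, "no password set"))
        elif fam in WEAK:
            findings.append((name, f"weak hash scheme {fam}"))
        if fam not in ("locked", "empty"):
            maxage = f[4] if len(f) > 4 else ""
            if not maxage or int(maxage) > max_days:
                findings.append((name, f"max age {maxage or 'unset'} exceeds policy {max_days}"))
    return findings

if __name__ == "__main__":
    for account, issue in audit_shadow(SAMPLE_SHADOW):
        print(f"{account}: {issue}")
```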

  6. #6
    Senior Member
    Join Date
    Jan 2004
    Location
    Hawaii
    Posts
    351
    Cain from www.oxid.it is one of the best pieces of software out there.
    It supports Rainbow tables...I don't think they even have to be sorted, but it's faster if they are anyways.

    Best of all it's **free**.

    A_T
    Geek isn't just a four-letter word; it's a six-figure income.
