New online service for password hacking

[cabby80]

See:

http://www.theregister.co.uk/2005/11...ssword_hashes/

Some enterprising people have decided to make money out of providing people with the ability to obtain passwords from hashes.

The malicious user still needs to be able to obtain the password hash, meaning they either need to sniff it or have physical access to the box so your other controls will hopefully protect you but......

What are the possible uses of this system except for providing people with the ability to crack passwords for a malicious reason. I can't think of a reason why this service could be used for a legitimate purpose.

Let me know if I am missing something though??

[d0pp]

Well... I have occasionally had to break into machines for legitimate purposes.


Users occasionally forget their passwords, and if there is only one account on the machine...

[Striek]

Shrekkie's (now known as Raiden) website had one up for a while, though just for MD5 hashes. It's down right now due to a lack of disk space and RAM, but it was up not too long ago, and worked magically...

If Shrekkie can do it, anyone can

[cabby80]

D0pp -
Yeah I thought about that too but if you are going to use this service you still need the password hash - Which you will need to log onto the box to obtain (unless you have a backup of your password hash somewhere - which I doubt would be likely).

[MrBabis]

Nice but.... finger prints and usb keys become be used more now.... I do not know how that kind of info is stored in computer.... but I think that is limitation for that service...
It is not always now that is if you can crack then you can use....
You can crack but cannot use.....

Yes it is legal way to that but just on computer that is yours or you have rights to do that.
"Rights" is key.. but still each contry has own rulls. So some of users need to check up it if it is legal there.

[Striek]

All you actually need is some method of booting the machine without using the hard drive. A live cd will work, as will a boot floppy with the capability to read the SAM database. You can also just take the hard drive out and place it in another computer to read it.

If you have physical access to the machine, you can get anything you want off the hard drive. It's really that simple.

[cabby80]

True - Ok I didn't think of live CD if you have forgotten the password of the 1 account on the system then this service could be useful.

But you have to pay a yearly subscription fee, is anyone actually going to pay such a fee just in case they forget their password?

I just think that (if people sign up for this service) the overwhelming use of this service will be for cracking others passwords that have been obtained either illegally or without the other individuals consent.

I would hope that most corporates or Govts have an appropriate level of additional controls to make this a non issue, just thinking about home users and the potential risks for them.
Mind you for most of the uneducated home users I know, there are plenty of easier ways that they will be exploited!!

[MrBabis]

If you are home user that cannot much about computer and you have password on you windows account, so it is easy to reset it with windows build in tool....

1) push "ctrl+alt+del" two time in login screen, so it will change to-> User and Password box.
2) Write in User name "Administrator" in can be different deppends on what language that OS is, (in that case translate Administrator into your language)
3) No password need, just push Enter
4) In console you can use "start control userpasswords2" or in run menu "control userpasswords2"
5) then chose account where you want to reset password, you will se "Reset Password" butten there.

Easy...... , windows helps do it for free....

[ech0]

Resetting passwords via a linux boot disk works too well. I see no problems with that but I do think that normal users wont need this site really. I think of it as any other tool out there like a gun for example, guns dont kill people. People kill people. This site might be like any other offencive tool that could be used for wrong doing. Its kinda in the grey area.

[The Duck]

This site requires a yearly fee?? Sorry but most malicious users are not going to pay for this service... mainly because there are a number of other ways and free software out there that will do it for you... Might take longer, but it's free... There's also ways to make password cracking clusters to make the process faster... there's a tutorial on AO about that somewhere...

It seems they have made a yearly fee because A: they want to make money and B: it will help keep malicious people away...