Printable View
It does not even work. I just created a couple of dummy users and took their hashes. Guess what nothing happened its the same like L0pht could not crack my password.
Its a scam where people throw the hashes that contain passwords and these guys crack them at their own time. Pretty pathetic if you ask me.
Hey, it's me. I read some of the replies here and a few of them made me chuckle.
I thought I would post a few comments here:
1) No, it's not a scam. It probably could be a very good one though.. Except we went to a lot of trouble to develop some new technology that benefits us more by being legit... darn!
2) It is COMPLETELY different from l0phtcrack. l0phtcrack takes hours / days / weeks and longer to crack passwords depending on the complexity of their character set and structure. IPC$ cracks ANY password in under 1 second. Actual time is around 100 - 200 ms. The idea that MS hash algorythm is available is not the issue. Speed is the issue. We have destroyed the concept of cracking on-way hashes... No more than 1 second is required now.
3) We did not release the full capabilities (full character set) because we wanted to demonstrate how we have affected the process of brute-force on one-way hashes. We may release it fully in the near future, but have not yet decided the app's future. This explains some passwords not being retrieved.
4) It would be naive of anyone to think that their IP is not publicly available when using public services. Any public service such as a web server is logging users for security, audit and functionality purposes. Sec33 is a legit organization that is NOT matching IP addresses to those who use our tools. We don't have that much time on our hands anyway. ** Actually, as I write this. I am at a client site doing real-life work.
5) It is also naive of me to think that everyone in this world *thinks* before they post comments. But, I still can only hope. (this is for those who made bogus remaks) Please, next time you post.. Take a little time to investigate before making foolish remarks. Thanks. ;-)
If any of you should have any questions, or do not understand the concept of cracking one-way hashes in under 1 second. Please let me know. If you understand how many million guesses are required and the process behind brute-force, then you will find this quite amazing. If you don't, well then.. you just won't see the power of the app.
... its been a rough day.
Thanks,
Kelvin://
Hey Kelvin,
I hope I'm not adding to your rough day. But I'm wondering, how will this be a security tool? Will it be available to just anyone? Are people supposed to use it to test the strength of their passwords? :confused:
Does anyone else have problems parsing the above? Or rather, that it's completely non-sensical? If I had to hazard a guess, it'd be that it is so speedy simply because it uses the leaked algorithm.Quote:
Originally posted here by Kelvin@Sec33
[...]The idea that MS hash algorythm is available is not the issue. Speed is the issue. We have destroyed the concept of cracking on-way hashes... No more than 1 second is required now.
Well, given the crippled state of release, it would seem easy for you to put up a disclaimer on the passwords that fall outside of the "guessing parameters," indicating that you had noticed it was an unqualified password, etc. Might lend a little more credibility to your claims, at leastQuote:
3) We did not release the full capabilities (full character set) because we wanted to demonstrate how we have affected the process of brute-force on one-way hashes. We may release it fully in the near future, but have not yet decided the app's future. This explains some passwords not being retrieved.
(and, if anyone submits a password that falls within your criteria, and your tool still complains, it would be easy to further demonstrate this as nonsense).
...much like some vendors don't necessarily "think" (or spell check) before posting their ads.Quote:
5) It is also naive of me to think that everyone in this world *thinks* before they post comments. But, I still can only hope. (this is for those who made bogus remaks) Please, next time you post.. Take a little time to investigate before making foolish remarks. Thanks. ;-)
Quote:
... its been a rough day.
Yes it has... :D
Okay, let me explain one-way hashes.Quote:
Does anyone else have problems parsing the above? Or rather, that it's completely non-sensical? If I had to hazard a guess, it'd be that it is so speedy simply because it uses the leaked algorithm.
The algorythm used to create a one-way hash is known as a polynomial algorythm. Polynomial meaning that it cannot be reversed with the current amount of technology available at this point in time. Our math system is not perfect, there are situations where calculations can make use of 'trap doors'. The trap doors, are calculations that can be performed in only one direction. So, simply running a calculation in the opposite direction does NOT result in the original factors.
--
polynomial
1. <mathematics> An arithmetic expression composed by summing multiples of powers of some variable.
P(x) = sum a_i x^i for i = 0 .. N
The multipliers, a_i, are known as "coefficients" and N, the highest power of x with a non-zero coefficient, is known as the "degree" of the polynomial. If N=0 then P(x) is constant, if N=1, P(x) is linear in x. N=2 gives a "quadratic" and N=3, a "cubic".
2. <complexity> polynomial-time.
---
Thus, a brute force attack on a one-way hash is done by running the algorythm on every possible combination of characters and comparing the hash output with the stored hash output of the password. If they do not match, then it goes to the next combination and attempts again. If they do match, then you know what the original input to the algorythm is, and of course you now have the password.
L0phtcrack can run in upwards of 2.1 million guesses per second. And this is still slow.
Here are some stats on brute-forcing a password:
A 6 character password utilizing a-z (lower-case only) has 308,915,776 possible combinations. So at 2.1 million guesses per second that would only take around 147 seconds. Thats not too bad...
But, an 8 character password utilizing the full character set on your keyboard has 6,634,204,312,890,625 possible combinations. It would take about 3,159,144,910 seconds or 52,652,415 minutes or 877,540 hours or 36,564 days or last but not least around 100 years to run through all possible combinations at 2.1 million guesses per second.
Understand? It's not as simple as you think. A refresher in encryption might be a good idea.
... and, usually when someone knocks someone for bad spelling... they just don't have anything else good to say. ;-) - Face it, the majority of the population isn't perfect when typing. And I am a member of the majority.
The day is getting longer.
Kelvin://
Another small question Kevin, does this program seek to crack the Admin password..LOL what if the password for the Admin account is not called Administrator, Admin etc..to crack a password first ya gotta match a name with an account. I'd say this can do that you had better go back to the drawing board. Sorry Administrator does not have an account with me..yer gonna crunch numbers a long time! LOL oldest trick in the book default Administrator quick tip never call the admin account Admin or Administrator..LOL..wait default dir is not WinNT..go figure!
Kelvin I do not elicit myself as being any type of math guru(or speller). It never was any subject that I really liked.
But all you did was explain how one-way hashes work, and I saw the same web page that you cut an pasted it from. -- http://wombat.doc.ic.ac.uk/foldoc/foldoc.cgi?polynomial ---
This is what I think....
1) you got the leaked algorithm from MS.
or
2) you have a bunch of already cracked passwords from l0pht(and I mean a bunch) and you are using them to check everybodys password against....now, why would you do this....well I would do this to save the hashes and the ip address they came from and crack them with l0pht and try to gain access into the site.
my 2 cents...of course there may be other reasons..or I am completely wrong....
The account does not matter as it does not affect the hash at all, you could place any name in the first field of the hash. I recommend doing this actually since the page is not configured to use any type of encryption.Quote:
does this program seek to crack the Admin password..LOL what if the password for the Admin account is not called Administrator,
I did a little more than explain how one-way hashes work. I also explained how brute-forcing one-way hashes works.Quote:
But all you did was explain how one-way hashes work, and I saw the same web page that you cut an pasted it from. -- http://wombat.doc.ic.ac.uk/foldoc/foldoc.cgi?polynomial ---
The text I PASTED in was from dictionary.com and was meant to be a defintion. Did you miss that somehow? I guess I should have been more clear. The rest of the post was from my little brain - which is sadly affected by jet-lag right now.
You could make the same statements about any other password crackers. Right? Except, why do you use password crackers? Crack for malitious intent, crack for profesional use, admin loses passwords, auditors testing the strength of passwords, admin's ensuring password policies are being enforced and followed. The list goes on.
If you don't want to use the application, you are not forced to. It was not designed to spawn conversations about script kiddies trying to fool users into sending their passwords to odd places on the Internet.
If you don't want to use 'live' password hashes, just do the following and then delete the account when done.
At a windows NT / 2000 command prompt:
net user newaccountname password /add
Then download and run pwdump2
This will display the hashes... Just submit the new account, and do the following to delete it
net user newaccountname /del
Simple.
Grrrrrr... Going to bed.
Kelvin://
No need to become defensive, Kelvin. I am sorry if I forgot to mention about you also explaining about using brute force to crack one way hashes. I hate to type and I too am tired, so I figured that people would get the gist and all that intuitive stuff I keep on hearing about.
Hey man don't get all up in arms trying to defend your program...whenever or if you release the source, then we can see if the algorithm that is being used is the same. I am sure that lots of people have already snarfed it up and somebody will try to compare it.
But for now, if you say that it is not the leaked algorithm from MS and you are not some evil empire *the Brain* trying to take over the world every night, then relax.....
But you have to take this, because boasting 1000x faster than l0pht...doing 1000 hashes in seconds.....do you see what I mean? That is quite a jump.....
You are too right..
I have been responding to emails all evening with this topic...
Thanks for *slappin'* me back to reality.
Kelvin://