Title: [Article]-Video: RainbowCrack after MS-SQL/Pwdump Hack
Post by: don on November 26, 2006, 11:40:36 PM

Quote
Although this does not follow the exact steps of the article, this video is a companion to Chris Gates' highly popular, definitive work entitled Tutorial: Rainbow Tables and RainbowCrack (http://www.ethicalhacker.net/content/view/94/24/). Follow along as we perform the following hack:
Enjoy and keep an eye out for future videos. Feel free to post comments and suggestions for future videos.

Thanks,
Chris Gates

Video: RainbowCrack after MS-SQL/Pwdump Hack (http://www.ethicalhacker.net/content/view/96/24/)

Don

Title: Re: [Article]-Video: RainbowCrack after MS-SQL/Pwdump Hack
Post by: slimjim100 on November 27, 2006, 07:56:33 PM

That was too cool! Thanks for sharing it with all of us.
Slimjim100

Title: Re: [Article]-Video: RainbowCrack after MS-SQL/Pwdump Hack
Post by: ChrisG on November 27, 2006, 10:06:13 PM

Thanks for the feedback!

Title: Re: [Article]-Video: RainbowCrack after MS-SQL/Pwdump Hack
Post by: don on November 28, 2006, 11:42:08 AM

Digg this video:
http://www.digg.com/security/Video_All_You_Ever_Wanted_to_Know_About_PW_Cracking_and_Rainbow_Tables

Don

Title: Re: [Article]-Video: RainbowCrack after MS-SQL/Pwdump Hack
Post by: slimjim100 on November 28, 2006, 09:37:49 PM

Dugg :)

Title: Re: [Article]-Video: RainbowCrack after MS-SQL/Pwdump Hack
Post by: thorin on January 11, 2007, 10:43:50 AM

Good video, however it would have been much more realistic if you at least included one decent strength password (time lapse it, or highlight the cracking time or whatever).

It was a very illustrative video to show someone the steps however it should also point out the fact that cracking a good password could take days or be impossible. PenTesters would love if all PW crack attempts only took minutes or hours and gave them something to show their clients however that's not really realistic. If you're PenTesting for a client that doesn't have a decent password policy then there's a lot of work they need on sec management, policy and governance before jumping into technical evaluation(s) of their apps, systems, or infrastructure.

Title: Re: [Article]-Video: RainbowCrack after MS-SQL/Pwdump Hack
Post by: ChrisG on January 11, 2007, 02:12:40 PM

Thanks for the good feedback. If you check out the rainbowtables/rainbow crack tutorial that set of password hashes does include some "tough" ones and one that is not stored as LM. But I don't really get that into analyzing which ones it cracked and which ones it didn't in the vid.

With rainbow tables it will either crack it or not, it won't take days (that's the whole point of them that I spent the time to create the tables and I enjoy a decent % of cracked passwords). Now with john the ripper be prepared to wait...

Title: Re: [Article]-Video: RainbowCrack after MS-SQL/Pwdump Hack
Post by: thorin on January 11, 2007, 02:24:35 PM

Quote
thanks for the good feedback. if you check out the rainbowtables/rainbow crack tutorial that set of password hashes does include some "tough" ones and one that is not stored as LM.

I did notice a few numbers but I didn't notice much mixed case or non-alpha num characters (!@#$%^*, etc).... though I guess that would require a much much larger set of tables. However, your point about it not taking days is well received. I went hunting after your reply and noticed that passwords of a strength which I'd feel confident suggesting to a client still fell in <20min (based on the example at the bottom of the rainbowcrack.com main page).