@sil

Excellent post - thanks

Hey MicroJay,

Do you still have this practice exam available? If you do, I wouldn't mind it.

Thanks

Ants

Ketchup, I am of the same opinion as you with regards Symantec and McAfee.
I have installed  Security Essentials on my Win7 box and it looks pretty good so far. It doesn't seem to trash the machine at all.

The only thing that I have to think about now is relying on the default Windows firewall, I haven't done that it years...

Hi MicroJay,

I wouldn't mind having it. I am thinking of starting to study for it by myself so wouldn't mind having a look at the exam to see how far I have to go. BUT, I am only thinking about it so it will probably take me some time before I actually do. So, if somebody has a more pressing need for it, it might be better for them
Thanks..

Ants 

Hi 4sh,

I've got an Excel worksheet password cracker macro that might help. I can't remember where I got it from and who to credit for it.  I used it once and it worked for me. It is just a brute-force password cracker but hopefully will work for you.

Here's the code:

It's not pretty but hey... it might just do the job.

Ants

Hi sant,

Welcome to the Ethical Hacker Net!

As far as  know SANS don't have an institute near you. However you do have other options for taking the course.
You can do the course OnDemand. If you do it this way, they will provide you with all the course material, and access to audio lectures. You also get a VPN connection to their lab. You also have email support from a mentor to answer any questions that you have. You will have access for six months to do the course in your own time.

They also have an @Home option. This is similar to OnDemand except that you would have a live instructor via a VoIP type connection that allows you to directly interact with the instructor. However, as far as I know, these classes are delivered in the US East Cost evening time. So that might not be very suitable for you.

SANS also stage events around the world so if you check their wen site they might just have one near you sometime...

I tool the OnDemand option last year and I found it very good and would recommend it.

I hope that this helps.

Ants

Here is an article that I came across. I'm not saying that I agree with it but I thought that it was an interesting POV.


and it goes on to suggest Here is the full article... http://www.guardian.co.uk/technology/2009/aug/05/bruce-schneier-risk-security

Hey Congratulations humv!

Can I ask you a few questions?

This is one of the courses that I was thinking of doing in the future. How do you rate the course and the supplied equipment? Also how much wifi experience do you think you need before starting the course?

Thanks

Ants

Hi Dav_Id,
I don't think what you have done is necessarily unEthical in a philosophic sense, (I don't think that obeying the law and being ethical are always mutually inclusive) but it is rather against the Code of Ethical Hackers.

I think that it would be best to inform them but I think that you would be lucky to be able to find somebody from the company who cares enough.  But if their internal network is exposed, I'd refrain from using my credit card there - just to be sure.

This is just my opinion...

Ants

Hi, do you know if they have or will provide details of what the new requirements are?

Hey, thanks everybody for your input. I think that I should now be able to workout a way forward.

Thanks plan2000, I'll check out that Markovian filter, sounds interesting.

And yeah, I'll publish here in a month or two. I hope that it holds up to your expectations.

timmedin, what you need are some trained Bees,  http://www.techchee.com/2007/09/16/bees-can-be-trained-to-sniff-out-explosivesperhaps-drugs-too/. I remember seeing this way back and thinking that it was cool.

Thanks Ketchup, but sorry, I can’t really do that. I think that I didn’t explain my request clearly in the original post.

Let me start (restart) by trying to explaining more about the project that I am trying to do.

My project is called - A Statistical Analysis of Password Composition – I decided to do this because I am slightly in awe of good statistics. They can be fascinating. One particularly interesting statistic is called Benford's Law http://www.intuitor.com/statistics/Benford%27s%20Law.html.  According to Benford’s Law, natural occurring numbers statistically begin with the lower order digits; 30% start with "1", 18% with "2" etc down to only 4.6% starting with 9. Rather than all the digits, 1-9, having an equal 11% chance of starting with these numbers. This seems counter-intuitive. This law has been used by tax authorities to easily discover dodgy accounts because if people are using made up numbers they tend to use as many numbers starting with a 9 as numbers starting with a one.

I decided to do an analysis of passwords to see if I could find any interesting statistical trends. To do this I got lists of cracked passwords from cracking sites such as milw0rm and gdataonline. I then had to manipulate the data a bit, for example, to filter out duplicate requests from the same person.
I now have some possible trends that I need to test to confirm that that they are correct. To do this I can’t use any of the data that I already have and I can’t make up the data. It might be OK for companies trying to sell fish oil pills to do this but I want to get good true results. For example, say I was trying to work out the odds of the result of a coin toss and I flipped a coin 6 times and I got six heads (it is possible). I could deduce that flipping a coin will always results in heads. Now if I want to test this theory, I need new data, if I use my existing data (the previous six heads results) I will confirm that it always results in heads...

So, what I was hoping to get from you guys was actual hashes that you encountered through your work as ethical hackers etc.

Thanks,
Ants

Thanks Ketchup.

I was already aware of milw0rm but it doesn't really suit my requirements.

I want to try to optimise the speed of the cracking, I won't be trying (or able to be honest) to increase the success rate.
For my testing, I need real average type passwords. The passwords that milw0rm hasn't or didn't crack will be more unusual.
Also for similar reasons, I can't use the list of passwords that it has cracked because I want a statistically Normal representative of passwords.

Thanks hackly66, that is a useful site. I have also used the Crypt::PasswdMD5 perl module to create a fairly simple script that allows me to encrypt lists of passwords. However, for my testing I can't use my own passwords, I need real passwords.

 

Hi guys,

I am looking for some help.

I am doing a project on password cracking optimisation based on the statistical make up of passwords. I have done an analysis of over 1.5 million passwords and now I want to see if I can use this information to see if I can speed up dictionary/brute force password cracks.

So what I am looking for is some passwords hashes to crack, the more I can get the better!

I know that I could try some of the password cracking sites but I have already used them for the passwords for the analysis and I think that it is bad practice to use the same data for the testing.

So can you guys post some password hashes? I would prefer FreeBSD MD5 type hashes but am not too fussed. You can also remove any identifiable data like the account names, all that I want is the actual hashes. Or else can anybody point me to a good source of real life password hashes?

Thanks

Ants