HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 72 guests online
 
Free Business and Tech Magazines and eBooks

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Otherarrow Challenge
EH-Net
May 19, 2013, 09:46:19 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Challenge  (Read 8752 times)
0 Members and 1 Guest are viewing this topic.
Hug_It
Newbie
*
Offline Offline

Posts: 28


View Profile
« on: August 01, 2006, 02:59:48 PM »
Have you seen this?

http://weblog.infoworld.com/securityadviser/archives/2006/07/win_money_and_b.html

The guy is offering prizes for cracking his NTLM passwords. The catch is they are long passwords 10-15 characters with varying complexity.

The question I have for you all is what strategy would you use to start cracking these passwords?

I was thinking the best way would be to start generating simple lowercase alpha rainbow tables with a length of exactly 15 characters. The second one just seems like it should be the easiest to tackle first. Am I way off?
Logged
CISSP
don
Editor-In-Chief
Administrator
Hero Member
*****
Offline Offline

Posts: 4165


Editor-In-Chief


View Profile WWW
« Reply #1 on: August 01, 2006, 03:31:31 PM »
I actually tried this with one of my CEH classmates. He created a long and complex NTLM password and asked if I could crack it. I had 0phcrack and a set of rainbow tables that was just under 800MB. The problem ends up being that most rainbow tables don't have entries for passwords with spaces in them. So the one I used couldn't do it. So you may need to try a hybrid attack and account for spaces.

You could always use one of the password cracking services out there. You give them a hash, they will eventually crack it. Some services are free other are not. So it may not be worth the time or the money.

Could be fun though.

Don
Logged
CISSP, MCSE, CSTA, Security+ SME
LSOChris
Guest
« Reply #2 on: August 01, 2006, 03:47:07 PM »
the 10 character one should be doable, specially if its an LM hash, he doesnt say if there are LM or NTLM...

the 15 character ones would be quite a bear to crack, i too many people have 15 character NLTM rainbow tables lying around...

have to hybrid/brute force them.

of course when i was doing research for my rainbow tables paper i read that if you could have a 1 character password that no password cracker would ever crack.  know what it was? any chracter made with the alt command because password crackers dont check for those characters...
Logged
Hug_It
Newbie
*
Offline Offline

Posts: 28


View Profile
« Reply #3 on: August 01, 2006, 03:49:17 PM »
Most services, even the commercial ones, only have NTLM tables for up to 9 characters max. So basically if you want to use rainbow tables, you're going to have to create your own. I've tried a multitude of available resources and tools. It's an interesting practical exercise that's for sure.
Logged
CISSP
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.071 seconds with 24 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.