HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 54 guests and 1 member online
EH-Net News Feeds
Latest Additions
 
Advertisement

You are here: Home arrow Forum arrow Ethical Hacking Discussions and Related Certificationsarrow Otherarrow Challenge
EH-Net
May 25, 2012, 05:44:12 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Advertise on EH-Net!! - Reasonable Rates, Highly Targeted Audience.
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Challenge  (Read 8256 times)
0 Members and 2 Guests are viewing this topic.
Hug_It
Newbie
*
Offline Offline

Posts: 28


View Profile
« on: August 01, 2006, 02:59:48 PM »
Have you seen this?

http://weblog.infoworld.com/securityadviser/archives/2006/07/win_money_and_b.html

The guy is offering prizes for cracking his NTLM passwords. The catch is they are long passwords 10-15 characters with varying complexity.

The question I have for you all is what strategy would you use to start cracking these passwords?

I was thinking the best way would be to start generating simple lowercase alpha rainbow tables with a length of exactly 15 characters. The second one just seems like it should be the easiest to tackle first. Am I way off?
Logged
CISSP
don
Editor-In-Chief
Administrator
Hero Member
*****
Offline Offline

Posts: 3917


Editor-In-Chief


View Profile WWW
« Reply #1 on: August 01, 2006, 03:31:31 PM »
I actually tried this with one of my CEH classmates. He created a long and complex NTLM password and asked if I could crack it. I had 0phcrack and a set of rainbow tables that was just under 800MB. The problem ends up being that most rainbow tables don't have entries for passwords with spaces in them. So the one I used couldn't do it. So you may need to try a hybrid attack and account for spaces.

You could always use one of the password cracking services out there. You give them a hash, they will eventually crack it. Some services are free other are not. So it may not be worth the time or the money.

Could be fun though.

Don
Logged
CISSP, MCSE, CSTA, Security+ SME
LSOChris
Guest
« Reply #2 on: August 01, 2006, 03:47:07 PM »
the 10 character one should be doable, specially if its an LM hash, he doesnt say if there are LM or NTLM...

the 15 character ones would be quite a bear to crack, i too many people have 15 character NLTM rainbow tables lying around...

have to hybrid/brute force them.

of course when i was doing research for my rainbow tables paper i read that if you could have a 1 character password that no password cracker would ever crack.  know what it was? any chracter made with the alt command because password crackers dont check for those characters...
Logged
Hug_It
Newbie
*
Offline Offline

Posts: 28


View Profile
« Reply #3 on: August 01, 2006, 03:49:17 PM »
Most services, even the commercial ones, only have NTLM tables for up to 9 characters max. So basically if you want to use rainbow tables, you're going to have to create your own. I've tried a multitude of available resources and tools. It's an interesting practical exercise that's for sure.
Logged
CISSP
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.16 | SMF © 2011, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.12 seconds with 22 queries.
 

gk_static-ad_feb2012.jpg
Global Knowledge: Build Security Skills to Protect & Defend

els_130x200fixed2.gif
eLearnSecurity Student Course Now Live!
5% Off with Code
ELS-EH-5

SANS Deals 4 EH-Netters
$150 OFF Any SANS Course in Any Format!
Coupon Code: EHN_Connect Including SANS Security West 2012 & SANSFIRE 2012
Recent Forum Topics

cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!

Vote For EH-Net

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2012 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.