.

Brute Force Password to long

<<

impelse

Hero Member
Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Tue May 05, 2009 3:46 pm

Brute Force Password to long

I am running Cain and I got kerberos5 PreAuth Hash when I was sniffing the network, so I am doing a Brute-Force Attack, I set the password length from 6 to 8 lower letters and numbers and take so looooong, that I run it for about 2 1/2 week, I did a test with one password 4 letters and I put the only letters in that password and that was fast, but that is not the normal scenario (in this case I know the passord).

Do you know another tool to Brute Force password a little fast?
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

TTewell

Newbie
Newbie

Posts: 21

Joined: Mon Apr 20, 2009 7:09 pm

Post Tue May 05, 2009 6:40 pm

Re: Brute Force Password to long

why don't you download some rainbow tables?
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Tue May 05, 2009 8:15 pm

Re: Brute Force Password to long

8 characters, lowercase only, plus numbers @ 500K pass/sec = 66 days

http://www.lastbit.com/pswcalc.asp
<<

impelse

Hero Member
Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Tue May 05, 2009 9:31 pm

Re: Brute Force Password to long

Interesting site.

What is rainbow tables?
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

timmedin

User avatar

Sr. Member
Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Tue May 05, 2009 11:06 pm

Re: Brute Force Password to long

Rainbow tables are precomputed hashes so all you have to do to determine the password is do a lookup. The trade off is lots of storage vs. lots of time. You can find some details on wikipedia.
http://en.wikipedia.org/wiki/Rainbow_table

As an asside, here is how keberos authentication works in a nice little picture
Image
twitter.com/timmedin | http://blog.securitywhole.com
<<

impelse

Hero Member
Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Tue May 05, 2009 11:08 pm

Re: Brute Force Password to long

Thanks.
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Tue May 05, 2009 11:54 pm

Re: Brute Force Password to long

Try this article by our very own Chris ates:

Tutorial: Rainbow Tables and RainbowCrack

Don
CISSP, MCSE, CSTA, Security+ SME
<<

impelse

Hero Member
Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Wed May 06, 2009 3:53 pm

Re: Brute Force Password to long

Ok, I was checking the rainbow tables and the rcrack tool (incluring the tutorial of this site), but when I sniff using Cain I got Kerb5 PreAuth Hashes.

Not LM or NTLM or MD5.

So what do you recommend me?
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

TTewell

Newbie
Newbie

Posts: 21

Joined: Mon Apr 20, 2009 7:09 pm

Post Wed May 06, 2009 8:04 pm

Re: Brute Force Password to long

How much time do you have on your hands?  lol  I can't think of some place off hand that has a Kerberos rainbow table available for download and the table would probably be MASSIVE because kerberos hashes are more complex.  Perhaps a dictionary attack would be quicker?
<<

timmedin

User avatar

Sr. Member
Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Fri May 08, 2009 7:53 am

Re: Brute Force Password to long

Keberos isn't a big deal. The encrypted piece send from the KDC is encrypted with your password hash. All you have to do is have a large list of hashes.
twitter.com/timmedin | http://blog.securitywhole.com

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 2 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software