Penetration Testing mailing list archives
Re: Craking Serv-u passwords stored in .ini file.
From: Nigel Stepp <stepp () atistar net>
Date: Fri, 03 Sep 2004 09:29:45 -0400
Altheide, Cory B. (IARC) wrote:
-----Original Message-----From: Scovetta, Michael V [mailto:Michael.Scovetta () ca com] Sent: Thursday, September 02, 2004 1:23 PM To: Altheide, Cory B. (IARC); Jérôme ATHIAS; pen-test () securityfocus comSubject: RE: Craking Serv-u passwords stored in .ini file.I realize this is pedantic, but there's a fundamental difference between "cracking" MD5 and looking up pre-computed values.
[ snip ]
The only real difference is by using precomputed tables you're front-loading your work and only doing computations that would normally be needlessly repetitive once. Otherwise the "cracking," as it were, is the basically same.
I think the point in question is that you are not cracking *MD5*. That would entail finding a weakness in the MD5 algorithm that allowed you to reverse the hash, or more easily find what created the hash you are looking at.
Using rainbow tables and such is just brute force, and doesn't have a lot to do with the specific hashing algorithm.
-- Cory ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Check out our Advanced Hacking course, learn to write exploits and attack security infrastructure. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------------
-- :wq ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Check out our Advanced Hacking course, learn to write exploits and attack security infrastructure. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------------
Current thread:
- RE: Craking Serv-u passwords stored in .ini file., (continued)
- RE: Craking Serv-u passwords stored in .ini file. M. D. (Sep 02)
- Re: Craking Serv-u passwords stored in .ini file. Jérôme (Sep 02)
- Re: Craking Serv-u passwords stored in .ini file. Hans Porter (Sep 02)
- Re: Craking Serv-u passwords stored in .ini file. Marius Huse Jacobsen (Sep 09)
- Re: Craking Serv-u passwords stored in .ini file. Hans Porter (Sep 02)
- RE: Craking Serv-u passwords stored in .ini file. Scovetta, Michael V (Sep 02)
- RE: Craking Serv-u passwords stored in .ini file. Ferruh Mavituna (Sep 02)
- RE: Craking Serv-u passwords stored in .ini file. Altheide, Cory B. (IARC) (Sep 02)
- RE: Craking Serv-u passwords stored in .ini file. Ferruh Mavituna (Sep 02)
- RE: Craking Serv-u passwords stored in .ini file. Scovetta, Michael V (Sep 02)
- RE: Craking Serv-u passwords stored in .ini file. Altheide, Cory B. (IARC) (Sep 02)
- Re: Craking Serv-u passwords stored in .ini file. Nigel Stepp (Sep 04)
- RE: Craking Serv-u passwords stored in .ini file. M. D. (Sep 03)
- RE: Craking Serv-u passwords stored in .ini file. avarni (Sep 04)
- Re: Craking Serv-u passwords stored in .ini file. Hans Porter (Sep 07)
- Re: Craking Serv-u passwords stored in .ini file. Jérôme (Sep 03)
- RE: Craking Serv-u passwords stored in .ini file. M. D. (Sep 08)