Re: Rainbow tables on Linux?
Johann Spies wrote: On Fri, Oct 24, 2008 at 12:12:40PM +0200, Maciej Korze?? wrote: You can crack hashes on-line for free at http://www.freerainbowtables.com/. I have tried, but when I paste a hash into the window and click on submit, I get the message: 'no hash found'. I could so far not find out what format the hash must have to be accepted. Regards Johann rainbow tables are useless (or near useless) against salted hashes (as used in linux) so you can forget about cracking it this way. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Rainbow tables on Linux?
On Fri, Oct 24, 2008 at 12:12:40PM +0200, Maciej Korze?? wrote: > You can crack hashes on-line for free at http://www.freerainbowtables.com/. I have tried, but when I paste a hash into the window and click on submit, I get the message: 'no hash found'. I could so far not find out what format the hash must have to be accepted. Regards Johann -- Johann Spies Telefoon: 021-808 4036 Informasietegnologie, Universiteit van Stellenbosch "Do all things without murmurings and disputings: That ye may be blameless and harmless, the sons of God, without rebuke, in the midst of a crooked and perverse nation, among whom ye shine as lights in the world;" Philippians 2:14,15 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Rainbow tables on Linux?
Ed Wiget wrote: > [...] > the open source rainbow tables are about 121GB (if my memory serves me > correctly) and are only available via bittorrent. I think it took me about 2 > months to download them. http://www.antsight.com/zsl/rainbowcrack/ > [...] You can crack hashes on-line for free at http://www.freerainbowtables.com/. -- Maciej Korzeń [EMAIL PROTECTED], [EMAIL PROTECTED] cell phone: +48 506 671 586 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Rainbow tables on Linux?
Johan 'yosh' Marklund <[EMAIL PROTECTED]> wrote: > the open source rainbow tables are about 121GB (if my memory > serves me correctly) and are only available via bittorrent. > I think it took me about 2 months to download them. > http://www.antsight.com/zsl/rainbowcrack/ Out of interest, how long do you estimate it would have taken you to generate them locally? Chris -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Rainbow tables on Linux?
Also, something to consider, if you (or an attacker) have physical or remote access, game is over anywaysirregardless of passwords. Interesting point: this server is a Xen-domU and although I have access to the physical server, it is a bit more complicated to do interrupt the boot process to get root access. If the root-filesystem of the domU is not encrypted you can just halt the server and mount the filesystem in the dom0. Ciao, Alberto. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Rainbow tables on Linux?
On Thu, Oct 23, 2008 at 09:27:56AM -0400, Ed Wiget wrote: > If you are not trying to break in and just testing windows passwords, then I > assume you also have access to the real passwords and usernames. Why don't > you just import them into linux and test them from there. My reasoning is > that if john can determine the passwords relatively quickly, then the > passwords are too weak. I am doing it on Linux. It is actually my own password on a server that I forgot. I can use other means (like ssh into the machine using public key authentication and sudo) to change the password, but I am curious about two things: Why I could not remember it and how to use Linux tools to crack it. > I did some performance testing on john using a dual core patch vs single core > at http://www.edwiget.name/content/view/195/27/ > > the open source rainbow tables are about 121GB (if my memory serves me > correctly) and are only available via bittorrent. I think it took me about 2 > months to download them. http://www.antsight.com/zsl/rainbowcrack/ Yes I know they are huge. But how would you use when targeting Linux passwords? As some said on this list it does not seem practical to use rainbow tables on Linux passwords. > Also, something to consider, if you (or an attacker) have physical or remote > access, game is over anywaysirregardless of passwords. Interesting point: this server is a Xen-domU and although I have access to the physical server, it is a bit more complicated to do interrupt the boot process to get root access. Thanks to all the people contributing to this thread. Regards. Johann -- Johann Spies Telefoon: 021-808 4036 Informasietegnologie, Universiteit van Stellenbosch "Do all things without murmurings and disputings: That ye may be blameless and harmless, the sons of God, without rebuke, in the midst of a crooked and perverse nation, among whom ye shine as lights in the world;" Philippians 2:14,15 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Rainbow tables on Linux?
Ed Wiget skrev: > On Thursday 23 October 2008 06:53:05 Christian Franke wrote: > >> On 10/23/2008 12:14 PM, Johann Spies wrote: >> >>> Is it possible to use rainbow tables with a password cracker on Linux >>> like 'john'? If so, how? If not, is it possible with any other >>> password cracker on Linux? >>> > > If you are not trying to break in and just testing windows passwords, then I > assume you also have access to the real passwords and usernames. Why don't > you just import them into linux and test them from there. My reasoning is > that if john can determine the passwords relatively quickly, then the > passwords are too weak. > > I did some performance testing on john using a dual core patch vs single core > at http://www.edwiget.name/content/view/195/27/ > > the open source rainbow tables are about 121GB (if my memory serves me > correctly) and are only available via bittorrent. I think it took me about 2 > months to download them. http://www.antsight.com/zsl/rainbowcrack/ > > Also, something to consider, if you (or an attacker) have physical or remote > access, game is over anywaysirregardless of passwords. > > Still, it's sneakier to logon with somebody elses account. And if they retain their original password, who would suspect anything? :o /yosh -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Rainbow tables on Linux?
On Thursday 23 October 2008 06:53:05 Christian Franke wrote: > On 10/23/2008 12:14 PM, Johann Spies wrote: > > Is it possible to use rainbow tables with a password cracker on Linux > > like 'john'? If so, how? If not, is it possible with any other > > password cracker on Linux? If you are not trying to break in and just testing windows passwords, then I assume you also have access to the real passwords and usernames. Why don't you just import them into linux and test them from there. My reasoning is that if john can determine the passwords relatively quickly, then the passwords are too weak. I did some performance testing on john using a dual core patch vs single core at http://www.edwiget.name/content/view/195/27/ the open source rainbow tables are about 121GB (if my memory serves me correctly) and are only available via bittorrent. I think it took me about 2 months to download them. http://www.antsight.com/zsl/rainbowcrack/ Also, something to consider, if you (or an attacker) have physical or remote access, game is over anywaysirregardless of passwords. -- -BEGIN GEEK SIGNATURE- \| ascii: Ed Wiget \| hex: 65 64 20 77 69 67 65 74 \| bin: 01100101 01100100 0010 01110111 \| .: 01101001 01100111 01100101 01110100 \| m: 6064071838 l: 6067591175 e: [EMAIL PROTECTED] \| Version: 3.12 www.edwiget.name \| GIT d- s--: a C UL P+ L E--- W+++ N++ o+++ K- w--- \| O- M+ V PS+ PE Y+ PGP+ t 5 X- R- tv- b+ DI-- D \| G e+ h++ r++ y** --END GEEK SIGNATURE-- : The BOFH for today is. Melting hard drives : BOFH based on http://pages.cs.wisc.edu/~ballard/bofh/ signature.asc Description: This is a digitally signed message part.
Re: Rainbow tables on Linux?
On 10/23/2008 12:14 PM, Johann Spies wrote: > Is it possible to use rainbow tables with a password cracker on Linux > like 'john'? If so, how? If not, is it possible with any other > password cracker on Linux? As far as I know, the hashes in /etc/shadow are salted, so a rainbow table, for all possible salts and the the intended password range, would be probably very huge. Regards, Christian Franke signature.asc Description: OpenPGP digital signature
Re: Rainbow tables on Linux?
On Thu, Oct 23, 2008 at 12:14:57PM +0200, Johann Spies wrote: > > I have John now running for 74 hours to try and crack one > password. That is on a 2xquadcore Intel server. > > Regards > Johann Regular john doesn't use all of your cores for good reasons. More information can be found from http://www.openwall.com/john/. You should also check their wiki. - Henri Salo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Rainbow tables on Linux?
Hi, I think you can't use rainbow tables on linux because it uses a salt http://en.wikipedia.org/wiki/Salt_(cryptography) ; that's why john is using bruteforce On Thu, Oct 23, 2008 at 12:14 PM, Johann Spies <[EMAIL PROTECTED]> wrote: > Is it possible to use rainbow tables with a password cracker on Linux > like 'john'? If so, how? If not, is it possible with any other > password cracker on Linux? > > I know about Ophcrack but it seems to be geared towards the Windows > environment. > > I have John now running for 74 hours to try and crack one > password. That is on a 2xquadcore Intel server. > > By the way, I am not trying to break in. I am testing the > effectiveness of John. > > Regards > Johann > -- > Johann Spies Telefoon: 021-808 4036 > Informasietegnologie, Universiteit van Stellenbosch > > "I press toward the mark for the prize of the high > calling of God in Christ Jesus." > Philippians 3:14 > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > >
Re: Rainbow tables on Linux?
Hi, Perhaps with rainbow crack ? You can seesource code for linux. here ==> http://www.antsight.com/zsl/rainbowcrack/ Regards Vincent Le jeudi 23 octobre 2008 à 12:14 +0200, Johann Spies a écrit : > Is it possible to use rainbow tables with a password cracker on Linux > like 'john'? If so, how? If not, is it possible with any other > password cracker on Linux? > > I know about Ophcrack but it seems to be geared towards the Windows > environment. > > I have John now running for 74 hours to try and crack one > password. That is on a 2xquadcore Intel server. > > By the way, I am not trying to break in. I am testing the > effectiveness of John. > > Regards > Johann > -- > Johann Spies Telefoon: 021-808 4036 > Informasietegnologie, Universiteit van Stellenbosch > > "I press toward the mark for the prize of the high > calling of God in Christ Jesus." >Philippians 3:14 > >
Rainbow tables on Linux?
Is it possible to use rainbow tables with a password cracker on Linux like 'john'? If so, how? If not, is it possible with any other password cracker on Linux? I know about Ophcrack but it seems to be geared towards the Windows environment. I have John now running for 74 hours to try and crack one password. That is on a 2xquadcore Intel server. By the way, I am not trying to break in. I am testing the effectiveness of John. Regards Johann -- Johann Spies Telefoon: 021-808 4036 Informasietegnologie, Universiteit van Stellenbosch "I press toward the mark for the prize of the high calling of God in Christ Jesus." Philippians 3:14 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]