Dictionary file?

[VaeVictis]

in theory, brute forcing is 100% effective given you have enough time to do it... lol

rainbow tables dont always work, but they are a GREAT solution... if you have a 500gb-3tb laying around for some kickass tables

but i dont care how strong your password is, if i get local access the computer is mine one way or another

ive learned that chntpw is the easiest way to erase the password of some one who has forgotten their password or its always a good fallback on systems you have to work on that are password protected but you dont have a password and your other cracking tools like rainbow tables have failed :/

i have more use for cracking passwords than just pen-testing obviously, generally old people who pay me to get their computer back to a useable state after they forgot their password... low level tech stuff... but easy money why would i not do that!?

that and i love going through and doing every type of exploit i possibly can on my own systems and networks as its a very good way to see how its done, solidify some information ive learned, put concepts into practice, and audit my own shit

one of my desktops even boots up with the windows hills instead of a blue screen right before the login screen because i used an old known exploit in the schedualed task function of xp to get access to the system account lol

btw if you guys havent seen the stupid little trick to get a batch file that starts cmd.exe out of mspaint, you gotta look it up xD made me laugh...

anyway... largest word list i got my hands on so far is only 35mb, i hear tell of word lists up in the 3gb range so ill continue my search...

[VaeVictis]

btw... on the subject of rainbow tables, i just found a 40gb stockpile of rainbow tables for common ssid/password combinations to crack WPA networks that should speed some shit up...

however, i just need to get the extra harddrive for my laptop to do the persistent backtrack install so i can install the proprietary nvidia drivers and use my cuda cores to rape WPA 20k keys per second anyone?

[reaper]

This (035d732ca3f4f5d5cdcd68eec7e0fcbb) is probably an MD5 hash of not a common input.  You'd have to brute force it, so send input like, a-zA-Z0-9~`!@#$%^&*()_+-={}|[]\:";',./<>?, until you get a matching hash.  So it's not really encrypted, it's hashed, at least it would appear to be.  I have a pentium 3, I'm not going to sit and let it run for two weeks.

[QwazyWabbit]

Yeah, it's trivial to crack a password. It's even trivial to find the password that generates a given MD5 hash, right? Do you even think it will take only 2 weeks to crack it on a P3? How about a P7? I would probably even accept a collision result, but it's very unlikely you would even get a collision. You have 4 hours left to demonstrate how trivial it is to crack a password.

[reaper]

How about a week?  Also I meant to say something else about the passwords, I just used the wrong words like I noted before.

[VaeVictis]

i think he meant to say cracking passwords is for noobs, and real hackers exploit zero day exploits to break into systems and hand them root access...

[QwazyWabbit]

Ah, another clearly thought out expression from the fingers attached to the well-trained and self-evident mind. Cracking passwords is for noobs but using an array of supposed zero-days, not written by yourself from self-discovered zero-days isn't for noobs? Downloading 'zero-days' isn't noob behavior? Hmmmm....

Here's a list of sites I want you to launch your zero-days at:
microsoft.com
google.com
apple.com
tastyspleen.net
fbi.gov
nsa.gov
nasa.gov
navy.mil

Let me know how many work and how it all works out for you when you root them.

[reaper]

You don't just download zero day exploits.  They aren't known, they are in people's pockets.  As well the exploits on the web usually have the port numbers changed in the shellcode, or something along those lines.  Many times you would have to know quite a bit to even use an exploit.  Vae's original question stated goals of being a security researcher, and I noted the best researchers would proove the problem, so development effort that requires resources would be awarded.  Pretty funny if you ask me, you ask me to proove the password can be cracked, when I meant to say something else, and it wasn't my point, while I was saying why prooving things was good for security research.

 

I"m also fairly sure I can generate a collision with MD5.  There are known weaknesses in the hashing function.  This makes the output of the function not so unique. 

[VaeVictis]

You don't just download zero day exploits.  They aren't known, they are in people's pockets.  As well the exploits on the web usually have the port numbers changed in the shellcode, or something along those lines.  Many times you would have to know quite a bit to even use an exploit.  Vae's original question stated goals of being a security researcher, and I noted the best researchers would proove the problem, so development effort that requires resources would be awarded.  Pretty funny if you ask me, you ask me to proove the password can be cracked, when I meant to say something else, and it wasn't my point, while I was saying why prooving things was good for security research.

 

I"m also fairly sure I can generate a collision with MD5.  There are known weaknesses in the hashing function.  This makes the output of the function not so unique. 

actually i stated an interest in penetration testing which i dont exactly see being my career... but pen-testers dont use zero day exploits often if at all, they are penetration testing a network for a company to uncover REAL security vulnerabilities that a security audit may not show or give false positives for penetration tests are required by law for certain standards even

a security audit is the low level where you just run a program or do some scans and you find the weaknesses, where a pen-test goes in and exploits those weaknesses and keeps moving deeper as far as possible to uncover everything they can to show the weaknesses

there is a large difference between what you are talking about and me asking for a dictionary file to crack some damn passwords lol

[reaper]

Both a security researcher and penetration tester should know software security.  An automated scan isn't going to be able to check that every web application doesn't check its input.  Why would you test only for common passwords, and ignore out of date software that could root a box, or a web application that could produce a shell?  Take a look at metasploit.  It's a common penetration testing tool that throws a bunch of exploits at something.  You could probably even get more granular with it using nmap to enumerate services (lots of work was put into exposing what's really listening on a TCP/UDP port).

[VaeVictis]

Both a security researcher and penetration tester should know software security.  An automated scan isn't going to be able to check that every web application doesn't check its input.  Why would you test only for common passwords, and ignore out of date software that could root a box, or a web application that could produce a shell?  Take a look at metasploit.  It's a common penetration testing tool that throws a bunch of exploits at something.  You could probably even get more granular with it using nmap to enumerate services (lots of work was put into exposing what's really listening on a TCP/UDP port).

metasploit is used a lot yes, but those arent zero day exploits exactly... they are often known exploits that some one failed to patch that make breaking into certain versions of software easy, they were zero day at one point in time, but honestly they are easy to execute with the help of something like metasploit rather than having to code your own malware to exploit it or something to that extent

and you dont have to be a pro coder to exploit most of the known exploits around lol

and imo nmap is very easy to use, and you can verify service banners with something like httprint to see what exactly is running on a certain port via foot printing rather than banner grabbing i did this against tastyspleen's port 80 and even had a conversation with quadz on it as his banner gives way more information than needed and then we got into a discussion about a security through obscurity thing and blah blah blah... yeah you can even go one step beyond nmap and use something like hping to do some very cool nitty gritty stuff like audit firewall state tables by making custom packets fly through under different protocols to see what exactly the firewall wants to filter so you can bypass it by masking traffic with something else like fragrouter lol (hping does have fragmentation built in, and so does nmap though)

you might have needed to be an epic coder and know some over the top things to hack systems in years past, but that simply isnt the case anymore... you need moderate coding skills to be really pro, but you can get by no problem with very little coding skills due to the amount of tools that exist to make security experts lives easy and a pain all at once

even famous hackers like johny long use backtrack and many of the advanced tools to make things go faster and easier so dont even try to say its the script kiddy way to do shit cause thats exactly what you have said in previous posts

i am going through actual CEH and CPTE training, and they specifically go over how to do certain attacks with software included in backtrack, and even windows software such as cain & abel... its just how shit is done now

[[BTF]Sigma]

Here's a list of sites I want you to launch your zero-days at:
...
tastyspleen.net
...

Let me know how many work and how it all works out for you when you root them.

One does not simply zero-day into Mordorspleen!!!!

[reaper]

metasploit is used a lot yes, but those arent zero day exploits exactly... they are often known exploits that some one failed to patch that make breaking into certain versions of software easy, they were zero day at one point in time, but honestly they are easy to execute with the help of something like metasploit rather than having to code your own malware to exploit it or something to that extent

and you dont have to be a pro coder to exploit most of the known exploits around lol

I'm not sure about most, but it sounds like you're limiting yourself to just running the software, then your audit is probably flawed.

and imo nmap is very easy to use, and you can verify service banners with something like httprint to see what exactly is running on a certain port via foot printing rather than banner grabbing i did this against tastyspleen's port 80 and even had a conversation with quadz on it as his banner gives way more information than needed and then we got into a discussion about a security through obscurity thing and blah blah blah... yeah you can even go one step beyond nmap and use something like hping to do some very cool nitty gritty stuff like audit firewall state tables by making custom packets fly through under different protocols to see what exactly the firewall wants to filter so you can bypass it by masking traffic with something else like fragrouter lol (hping does have fragmentation built in, and so does nmap though)

nmap is really complex.  you can scan a system without every directly communicating with it.  as well I don't think it's so easy to know all the options, and know how it exposes the application on a socket.  for example in UDP it sometimes has to run tons of tests to get an application response.  as well what triggers an IPS/IDS response from nmap?

you might have needed to be an epic coder and know some over the top things to hack systems in years past, but that simply isnt the case anymore... you need moderate coding skills to be really pro, but you can get by no problem with very little coding skills due to the amount of tools that exist to make security experts lives easy and a pain all at once

that is far from the definition of pro in my opinion.  if you're doing security audits you should know what's going on, and not just run a tool, in fact, tools won't even expose all the problems.  you are going to find every problem with CGI using  a scanner?

[VaeVictis]

ya know what, i give up :/ you are too stubborn and just want to jump at every chance you can possibly get to insult me because i asked for a dictionary file and showed interest in something you think i shouldnt

i could continue this argument for days countering your statements and having you counter mine, and then countering yours again, and it would go absolutely nowhere, so im just gonna drop it and say if you know where to get an epic dictionary file let me know, otherwise stfu please i dont really care about your opinions on the implementation of coding knowledge in hacking

[reaper]

I haven't been insulting you just giving you an opinion.  You can't really counter the claim that you can very likely miss things by only knowing how to use automated tools, and how that's very important relating to security.  If that's what you want to do, why don't you do what's needed to be done?