Best Password Cracker In The World
Best Password Cracker In The World
Not sure if anyone has heard of this but it seems to be fucking amazing. It can crack Fgpyyih804423" in 160 seconds
Seems pretty sweet. Its called OPHCRACK
Check out the article here
http://www.codinghorror.com/blog/archives/000949.html
Anyone know of any better than this?
Seems pretty sweet. Its called OPHCRACK
Check out the article here
http://www.codinghorror.com/blog/archives/000949.html
Anyone know of any better than this?
- computathug
- Administrator
- Posts: 2693
- Joined: 29 Mar 2007, 16:00
- 17
- Location: UK
- Contact:
Re: Best Password Cracker In The World
You obviously have not checked the download sectionbryanoens wrote:Not sure if anyone has heard of this but it seems to be fucking amazing. It can crack Fgpyyih804423" in 160 seconds
Seems pretty sweet. Its called OPHCRACK
Check out the article here
http://www.codinghorror.com/blog/archives/000949.html
Anyone know of any better than this?
Ok well now that I have Ophcrack, im a little unsure on how to use it. I got the 700mb rainbow table but I cant seem to load any hashes. I tried to manually enter in hashes, didnt work. I tried getting them from the encrypted SAM and that didnt work. I read somewhere online that to get the hashes from SAM, you need to decrypt the file. But I also read it is a very long and difficult process to decrypt it. I was wondering if there is an easy way to find local hashes on my computer or if theres a way to decrypt SAM that wont take years of learning. Thanks
1 word "cain"bryanoens wrote:Ok well now that I have Ophcrack, im a little unsure on how to use it. I got the 700mb rainbow table but I cant seem to load any hashes. I tried to manually enter in hashes, didnt work. I tried getting them from the encrypted SAM and that didnt work. I read somewhere online that to get the hashes from SAM, you need to decrypt the file. But I also read it is a very long and difficult process to decrypt it. I was wondering if there is an easy way to find local hashes on my computer or if theres a way to decrypt SAM that wont take years of learning. Thanks
- hpprinter100
- Fame ! Where are the chicks?!
- Posts: 214
- Joined: 19 Oct 2007, 16:00
- 16
- Contact:
since I am an Admin, I can flame
Hey, is it me, or does everyone have Deja Vu?
DNR
DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
- computathug
- Administrator
- Posts: 2693
- Joined: 29 Mar 2007, 16:00
- 17
- Location: UK
- Contact:
-
- Kage
- Posts: 732
- Joined: 31 Mar 2007, 16:00
- 17
- Location: Hidden in a Buffer Protection.
- Contact:
First of all, do you realize how the rainbow tables work?!
A Rainbow Table is basically a lookup table that uses a method called Time-Memory-TradeOff. This method basically suggests that it would compress the memory needed to do a certain task. Basically, instead of loading a bigggggggg dictionary attack file into memory it compresses the bytes used from the plaintext to other means such as the current processed one. This small compression can result in big and faster attacks. The problem with Time-Memory-Tradeoff is it's only useful if you have a super computer. ^^ These kind of attacks are fast, but use LOTS of resources. Like said above, a Table cost you a good 700mb, while a brute force attack could generate the same amount of guesses in a logged attack, brute forcing is very slow and repeative, and these Tables basically kill brute force attacks anyday. Brute force attacks use plaintext and most load one by one each plaintext, that is resource consuming, with Rainbow Tables it just puts the results in a "Table" to save memory.
Now, bout our friend Cain. Totally script kiddie tool, but hey, what ever floats your boat. I use it only because it gets the job done. But, I have to admit, Cain's brute force attacks take beyond what Rainbow Tables do. This is because of Time-Memory-Tradeoff which can process more then twice the speed of a normal brute force.
If you have enough resources, use the Tables! There are a bunch out there, Rainbow Crack, OPHCRACK, and there are even other types of crackers better then Cain, Ritz Crackers(jk), John the Ripper I heard was good(never tried it though. Think its good for LM hashes..)
A Rainbow Table is basically a lookup table that uses a method called Time-Memory-TradeOff. This method basically suggests that it would compress the memory needed to do a certain task. Basically, instead of loading a bigggggggg dictionary attack file into memory it compresses the bytes used from the plaintext to other means such as the current processed one. This small compression can result in big and faster attacks. The problem with Time-Memory-Tradeoff is it's only useful if you have a super computer. ^^ These kind of attacks are fast, but use LOTS of resources. Like said above, a Table cost you a good 700mb, while a brute force attack could generate the same amount of guesses in a logged attack, brute forcing is very slow and repeative, and these Tables basically kill brute force attacks anyday. Brute force attacks use plaintext and most load one by one each plaintext, that is resource consuming, with Rainbow Tables it just puts the results in a "Table" to save memory.
Now, bout our friend Cain. Totally script kiddie tool, but hey, what ever floats your boat. I use it only because it gets the job done. But, I have to admit, Cain's brute force attacks take beyond what Rainbow Tables do. This is because of Time-Memory-Tradeoff which can process more then twice the speed of a normal brute force.
If you have enough resources, use the Tables! There are a bunch out there, Rainbow Crack, OPHCRACK, and there are even other types of crackers better then Cain, Ritz Crackers(jk), John the Ripper I heard was good(never tried it though. Think its good for LM hashes..)
Last edited by ebrizzlez on 23 Oct 2007, 04:35, edited 2 times in total.
[img]http://i81.photobucket.com/albums/j205/ebrizzlez/4lsint1.jpg[/img]
-
- Kage
- Posts: 732
- Joined: 31 Mar 2007, 16:00
- 17
- Location: Hidden in a Buffer Protection.
- Contact:
No offense, but maybe you dont understand.Well.. it does crack LA hashes, but your sorta right, LM is cracked easier.bubzuru wrote:LA hashes ?? do you mean LM
Why you ask? Because you want that good ole' Sammy file. xD jk.
Actually, LA hashes come in more varieties then just one hash, rather LM is just one main hash. LA has sub-hashes based on the alogirthm provided in LA, this may sound confusing but its not.
Basically someone took the LA hash and said: "I am gonna make this better". So these types of people go out, and basically go crazy. Now we got the LA2 hash, LA2K hash and other varities, all not so common now in these days.
[::EDIT::]
Ok well now that I have Ophcrack, im a little unsure on how to use it. I got the 700mb rainbow table but I cant seem to load any hashes. I tried to manually enter in hashes, didnt work. I tried getting them from the encrypted SAM and that didnt work. I read somewhere online that to get the hashes from SAM, you need to decrypt the file. But I also read it is a very long and difficult process to decrypt it. I was wondering if there is an easy way to find local hashes on my computer or if theres a way to decrypt SAM that wont take years of learning. Thanks
Bubzuru recommended Cain, the only problem is.... Cain is a bit slow, but he gets the job done.
ermmm... I dont see why you would need to "decrypt" the SAM file if you are on that current box, unless your like me and lost the password, or your doing it for your own education. Either way, it may take a while.
There is an entire Linux live cd distro made for cracking the SAM. In fact, once it boots in, it automatically starts to crack the SAM.
Btw, some tables wont load into memory so they wont work because they are such huge files!
John the Ripper is a good choice, or you can check out http://www.insecure.org for more password crackers.
[img]http://i81.photobucket.com/albums/j205/ebrizzlez/4lsint1.jpg[/img]
- ghostbrain
- Newbie
- Posts: 1
- Joined: 29 Nov 2007, 17:00
- 16
well,first of all we don't support malicious purposes around here.ghostbrain wrote:Yahh.....you are absolutely right......probably John The Ripper Is the best choice...
But someone can suggest me.. how do i expose a FTP userid and password remotely.
Thanks..........
Second of all, it would depend on the FTP service that is running on the server. Because there could be a vulnerability of some sort that could help you with what you want to do.
Third and last thing is that bruteforcing a remote server is never the answer. It can takes days-weeks yeah...even months, to crack a password depending on how strong the password is and how fast/secure the server is. Also it would light the server log like me in a comic book store.
"The best place to hide a tree, is in a forest"