NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Full-Disclosure> 2004-03

RE: [Full-Disclosure] commerical rainbow crack?

From: Ian Latter (Ian.Lattermq.edu.au)
Date: Tue Mar 23 2004 - 02:11:59 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello Richard,

I haven't read the whole thread yet, but if this is what you came
to, then there are a couple of other options;

plJohn
http://www.hick.org/~johnycsh/code/

CHAOS
http://itsecurity.mq.edu.au/chaos/

plJohn is a perl wrapper for piping one dictionary combo out
into a swarm of JtR crackers (for an openMosix cluster primarily).
And then CHAOS is a bootable CD implementation of openMosix with
"forkjohn" - a binary version of plJohn that I implemented - to
do the same thing. Take your closest computer lab and dedicate
the whole thing to the process, and you'll have an audit outcome in
no time (exactly what I built CHAOS in the first place).

The advantage of this type of usage of JtR, versus systems like
djohn (and a couple of others) is that your don't need to modify the
JtR executable itself -- just pipe what you need around (you could
prolly use your imagination with netcat and get away with using it
without a cluster, if you're looking at something simpler).

The irony of ironies .. is that *the* password that I wanted to
audit; I still haven't established the hash-type for, so the primary
purpose has really become moot.

NB:

If you're going to end up brute forcing the password, rather than
dictionary-attacking it, then consider Cisilia also;
http://www.cisiar.org/proyectos/cisilia/home_en.php

----- Original Message -----
>From: "Richard Stevens" <richardtccnet.co.uk>
>To: <full-disclosurelists.netsys.com>
>Subject: RE: [Full-Disclosure] commerical rainbow crack?
>Date: Mon, 22 Mar 2004 21:28:12 -0000
>
> thanks to all for the input., looks like john it is, with a little more patience :)
>
> out of interest, anyone think a distributed project using john would be useful? something
like the SETI screen saver thing...
>
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

--
Ian Latter
Internet and Networking Security Officer
Macquarie University

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]