Re: Rainbow Tables

From: DokFLeed (dokfleed@dokfleed.net)
Date: Thu Feb 09 2006 - 05:12:49 EST


on a side note,
Did anyone ever get a rainbow table working on NTLM ?

----- Original Message -----
From: "Flory Jeffrey D Ctr 59 MDSS/MSISI"
<Jeffrey.Flory2.ctr@lackland.af.mil>
To: "Terry Vernon" <tvernon24@comcast.net>; "'Craig Wright'"
<cwright@bdosyd.com.au>; "'ROB DIXON'" <RDIXON@workforcewv.org>
Cc: <pen-test@securityfocus.com>
Sent: Wednesday, February 08, 2006 11:25 PM
Subject: RE: Rainbow Tables

>I agree, trial version never have really proven what the product will do
> since you cannot utilize most of almost all the functions that a full
> version offers. I personally will download freeware or shareware first
> and
> test it out. Like you I find it to be worthless, I trash it. If I like
> the
> tool and its functionality, I will keep it and try to boost its
> performance,
> if possible.
>
> Jeff
>
> -----Original Message-----
> From: Terry Vernon [mailto:tvernon24@comcast.net]
> Sent: Wednesday, February 08, 2006 1:34 AM
> To: 'Craig Wright'; 'ROB DIXON'
> Cc: pen-test@securityfocus.com
> Subject: RE: Rainbow Tables
>
>
> I agree, back in my not so nice and legal days I had everything commercial
> you could think of and used it to do some not so nice and legal things.
> Some
> of it I did find useful enough to pay for while the majority being crap.
> This was pre 2000. Like everyone else I don't like buying a car before I
> drive it so-to-speak. Sadly not enough vendors offer full featured
> versions
> as trial demos.
>
> -Terry
>
> (I know EVERYONE on this list has at least one cracked thing installed at
> home/work ;) )
>
> -----Original Message-----
> From: Craig Wright [mailto:cwright@bdosyd.com.au]
> Sent: Tuesday, February 07, 2006 9:07 PM
> To: ROB DIXON
> Cc: pen-test@securityfocus.com
> Subject: RE: Rainbow Tables
>
>
> Please explain 'WHY' a "malicious attacker" is NOT likely to use
> commercial
> products.
>
> In the real world attackers use "commercial products" all the time - from
> script kiddies up. There are numerous Warez and Crack sites distributing
> commercial software. There is a clear distinction from having to legally
> obtain software and using a cracked version, but this has nothing to do
> with
> use. If you are breaking the law by scanning, it is not likely that
> copyright laws will hinder you.
>
> There are far more LC5 installs than have been sold. Further, the
> commercial
> products are oft easier - thus attracting more people to use them.
>
>
> Craig
>
>
> -----Original Message-----
> From: ROB DIXON [mailto:RDIXON@workforcewv.org]
>
> Sent: 8 February 2006 5:04
> To: stark192@hotmail.com; pen-test@securityfocus.com
> Subject: Re: Rainbow Tables
>
> Hey Tony,
>
> The "others" should be informed that the malicious attacker is most
> likely to NOT use "commercial" products.
>
> And that for a true benchmark, maybe use the products that a malicious
> attacker would use. Most of which will probably be open source or free at
> the least. That is assuming that they are not writing their own software.
> ;)
> I guess I'm asking, how do you justify "not" using free products?
>
> You can buy pre-computated rainbow tables, but there are different
> rainbowtables for different types of hashes. Example: ntlm, ntlmv2, sha1 ,
> md5, etc.
>
>
> cheers,
>
> New Guy
>
> Robert L. Dixon, CSO
> CHFI A+
> State of West Virginia's
> West VIriginia Office of Techonology
> Infrastructure Applications
> Netware/GroupWise Administrator
> Telephone: (304)-558-5472 ex.4225
> Email:rdixon@workforcewv.org
>>>> <stark192@hotmail.com> >>>
>
> Hello,
>
> Trying to crack our password list at work, it's a long story, but it has
> been put on a higher priority. I've been looking for some good
> pre-computed
> hash tables, like Rainbow tables, that will work with LC5. Does anyone
> have
> a source?
>
> I'd like to use RainbowCrack but others want to stick to commercial
> products.
>
> Thanks,
>
> Tony
>
> ------------------------------------------------------------------------
> ------
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
>
> Hackers are concentrating their efforts on attacking applications on your
> website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers
> are
> futile against web application hacking. Check your website for
> vulnerabilities to SQL injection, Cross site scripting and other web
> attacks
> before hackers do!
>
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> ------------------------------------------------------------------------
> -------
>
>
>
> ------------------------------------------------------------------------
> ------
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
>
> Hackers are concentrating their efforts on attacking applications on your
> website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers
> are
> futile against web application hacking. Check your website for
> vulnerabilities to SQL injection, Cross site scripting and other web
> attacks
> before hackers do!
>
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> ------------------------------------------------------------------------
> -------
>
>
> Liability limited by a scheme approved under Professional Standards
> Legislation in respect of matters arising within those States and
> Territories of Australia where such legislation exists.
>
> DISCLAIMER
> The information contained in this email and any attachments is
> confidential.
> If you are not the intended recipient, you must not use or disclose the
> information. If you have received this email in error, please inform us
> promptly by reply email or by telephoning +61 2 9286 5555. Please delete
> the
> email and destroy any printed copy.
>
>
> Any views expressed in this message are those of the individual sender.
> You
> may not rely on this message as advice unless it has been electronically
> signed by a Partner of BDO or it is subsequently confirmed by letter or
> fax
> signed by a Partner of BDO.
>
> BDO accepts no liability for any damage caused by this email or its
> attachments due to viruses, interference, interception, corruption or
> unauthorised access.
>
> ----------------------------------------------------------------------------
> --
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking applications on your
> website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers
> are
>
> futile against web application hacking. Check your website for
> vulnerabilities
> to SQL injection, Cross site scripting and other web attacks before
> hackers
> do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> ----------------------------------------------------------------------------
> ---
>
>
> ----------------------------------------------------------------------------
> --
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking applications on your
> website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers
> are
>
> futile against web application hacking. Check your website for
> vulnerabilities
> to SQL injection, Cross site scripting and other web attacks before
> hackers
> do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> ----------------------------------------------------------------------------
> ---
>
> ------------------------------------------------------------------------------
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking applications on your
> website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers
> are
> futile against web application hacking. Check your website for
> vulnerabilities
> to SQL injection, Cross site scripting and other web attacks before
> hackers do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> -------------------------------------------------------------------------------
>
>
>

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:28 EDT