Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Etc/shadow file and john

from [Clement Dupuis] Network Security [Permanent Link]
Subject: RE: Etc/shadow file and john
Date: Thu, 28 Jul 2005 17:11:01 -0400 
I agree Rainbow Tables can greatly speed up the process.

However, it might take you a long time to generate them.  I spend 68 days
generating mine and then I found out about http://www.rainbowtables.net
These guys have the tables for sale, at the price they sell them, it was not
worth spending 68 days processing mine.

Rainbow tables are very fast, really worth a try.

Clement


Clément Dupuis, CD
President/Security Evangelist/Chief Learning Officer (CLO)
CCCure Enterprise Security & Training Inc.
CISSP, GCFW, GCIA, Security+, CEH, CCSA, MBNS, MBIS, MBHS, CCSE, ACE

Maintainer of :

The CISSP and SSCP Open Study Guides Web Site
http://www.cccure.org      

The Professional Security Testers Warehouse
http://www.professionalsecuritytesters.org    
  


-----Original Message-----
From: Leandro Reox [mailto:lmet5on@fibertel.com.ar]
Sent: Wednesday, July 27, 2005 10:45 PM
To: 'Sherwyn Williams'; pen-test@securityfocus.com
Subject: RE: Etc/shadow file and john

An effective method to get passwords is to pass them trough specific
generated rainbow tables with a tool like CAIN.
Is this hash encrypted with md5 or another known hashing algorithm ?

Cheers

--
Leandro Reox
http://www.securearg.net/ Secure from the source
-----Original Message-----
From: Sherwyn Williams [mailto:sherwill22@tmail.com]
Sent: Wednesday, July 27, 2005 1:57 PM
To: pen-test@securityfocus.com
Subject: Etc/shadow file and john

I am doing an assesment for passwords on a network, after getting the
password file I piped the output to a text file, tried to run that
against John and can't get any luck with the program. Do anyone here
uses any other password programs, and is there a better format than a
text file to store the out of the etc/shadow when trying to get the
passes.
Sherwyn Williams
Technical Consultant
Sherwill22@tmail.com
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Identification of non Cisco AP's, Todd Towles
Next by Date:  Re: bluetooth devices list ?, Jerome Athias
Previous by Thread:  Re: Etc/shadow file and john, Sherwyn Williams
Next by Thread:  Re: Etc/shadow file and john, Dave Spencer
Indexes:  [Date] [Thread] [Top] [All Lists]