Archive for the ‘passwordcracking’ Category


Date D A V Description Plat. Author
2011-01-14 Exploit Code Downloads Waiting verification Real Networks RealPlayer SP ‘RecordClip’ Method Remote Code Execution 106 windows Sean de Regge
2011-01-12 Exploit Code Downloads Verified MS11-002: Microsoft Data Access Components Vulnerability 181 windows Peter Vreugdenhil
2011-01-10 Exploit Code Downloads Verified MS10-081: Windows Common Control Library (Comctl32) Heap Overflow 243 windows Nephi Johnson
2011-01-09 Exploit Code Downloads Verified KingView 6.5.3 SCADA HMI Heap Overflow PoC 389 windows Dillon Beresford
2011-01-08 Exploit Code Downloads Download Vulnerable Application Verified NetSupport Manager Agent Remote Buffer Overflow 354 multiple ikki
2011-01-01 Exploit Code Downloads Download Vulnerable Application Verified HP Photo Creative 2.x audio.Record.1 ActiveX Control Remote Stack Based Buffer Overflow 571 windows rgod
2010-12-30 Exploit Code Downloads Waiting verification CA ARCserve D2D r15 Web Service Servlet Code Execution 384 windows rgod
2010-12-30 Exploit Code Downloads Download Vulnerable Application Verified QuickPHP Web Server Arbitrary (src .php) File Download 420 windows Pr0T3cT10n
2010-12-30 Exploit Code Downloads Download Vulnerable Application Waiting verification Chilkat Software FTP2 ActiveX Component Remote Code Execution 298 windows rgod
2010-12-29 Exploit Code Downloads Download Vulnerable Application Verified QuickPHP Web Server 1.9.1 Directory Traversal 336 windows John Leitch
2010-12-29 Exploit Code Downloads Download Vulnerable Application Verified httpdASM 0.92 Directory Traversal 234 windows John Leitch
2010-12-29 Exploit Code Downloads Verified DD-WRT Information Disclosure Vulnerability 384 hardware Craig Heffner
2010-12-26 Exploit Code Downloads Download Vulnerable Application Verified Kolibri v2.0 Buffer Overflow RET + SEH exploit (HEAD) 1591 windows TheLeader
2010-12-22 Exploit Code Downloads Download Vulnerable Application Verified WMITools ActiveX Remote Command Execution Exploit 0day 1418 windows WooYun
2010-12-22 Exploit Code Downloads Verified Citrix Access Gateway Command Injection Vulnerability 1120 linux George D. Gal
2010-12-21 Exploit Code Downloads Waiting verification Ecava IntegraXor 3.6.4000.0 Directory Traversal 444 windows Luigi Auriemma
2010-12-15 Exploit Code Downloads Verified Internet Explorer 8 CSS Parser Exploit 4036 windows Nephi Johnson
2010-12-14 Exploit Code Downloads Verified Crystal Reports Viewer 12.0.0.549 Activex Exploit (PrintControl.dll) 0-day 888 windows Dr_IDE
2010-12-11 Exploit Code Downloads Verified Exim 4.63 Remote Root Exploit 2997 linux Kingcope
2010-12-10 Exploit Code Downloads Verified LiteSpeed Web Server 4.0.17 w/ PHP Remote Exploit for FreeBSD 1278 freebsd Kingcope
2010-12-09 Exploit Code Downloads Waiting verification VMware Tools update OS Command Injection 1587 multiple Nahuel Grisolia
2010-12-05 Exploit Code Downloads Download Vulnerable Application Verified Freefloat FTP Server Buffer Overflow Vulnerability 0day 1722 windows 0v3r
2010-12-03 Exploit Code Downloads Verified Image Viewer CP Gold 6 ActiveX TifMergeMultiFiles() Buffer Overflow 876 windows Dr_IDE
2010-12-03 Exploit Code Downloads Verified iFTPStorage for iPhone / iPod touch <= 1.3 – Directory Traversal 892 hardware XEL
2010-12-02 Exploit Code Downloads Download Vulnerable Application Verified ProFTPD 1.3.3c compromised source remote root Trojan 2727 linux anonymous
Advertisements

Password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password. The purpose of password cracking might be to help a user recover a forgotten password (though installing an entirely new password is less of a security risk, but involves system administration privileges), to gain unauthorized access to a system, or as a preventive measure by system administrators to check for easily crackable passwords. On a file-by-file basis, password cracking is utilized to gain access to digital evidence for which a judge has allowed access but the particular file’s access is restricted.
Contents
[hide]

1 Prevention
2 Software
3 References
4 External links

Prevention
Main article: Shadow password

The best method of preventing password cracking is to ensure that attackers cannot get access even to the encrypted password. For example, on the Unix operating system, encrypted passwords were originally stored in a publicly accessible file /etc/passwd. On modern Unix (and similar) systems, on the other hand, they are stored in the file /etc/shadow, which is accessible only to programs running with enhanced privileges (ie, ‘system’ privileges). This makes it harder for a malicious user to obtain the encrypted passwords in the first instance. Unfortunately, many common network protocols transmit passwords in cleartext or use weak challenge/response schemes.[1][2]

Modern Unix systems have replaced traditional DES-based password hashing with stronger methods based on MD5 and Blowfish.[3] Other systems have also begun to adopt these methods. For instance, the Cisco IOS originally used a reversible Vigenère cipher to encrypt passwords, but now uses md5-crypt with a 24-bit salt when the “enable secret” command is used.[4] These newer methods use large salt values which prevent attackers from efficiently mounting offline attacks against multiple user accounts simultaneously. The algorithms are also much slower to execute which drastically increases the time required to mount a successful offline attack.[5]

Solutions like a security token give a formal proof answer by constantly shifting password. Those solutions abruptly reduce the timeframe for brute forcing (attacker needs to break and use the password within a single shift) and they reduce the value of the stolen passwords because of its short time validity.

Software
Main category: Password cracking software

There are many password cracking software tools, but the most popular[6] are Cain and Abel, John the Ripper, Hydra, ElcomSoft and Lastbit. Many litigation support software packages also include password cracking functionality. Most of these packages employ a mixture of cracking strategies, with brute force and dictionary attacks proving to be the most productive.