THE

SPRAWL

  •  
  •  
  •  
  • sprawlsimilar

    password analysis and cracking kit

    Download PACK-0.0.4.tar.gz
    Size 68.8 KB
    DateAugust 8th, 2013
    Version0.0.4

    PACK (Password Analysis and Cracking Toolkit) is a collection of utilities developed to aid in analysis of password lists and enhancing cracking of passwords using password pattern detection. It can be used to reverse word mangling rules, generate source words, optimize password masks, craft policy attacks, etc. for the Hashcat family of tools. The toolkit itself is not able to crack passwords, but instead designed to make operation of password crackers more efficient. Read more.

    08 aug
    2013
    smarter password cracking with pack

    Last week I gave a talk during the Password '13 security conference on various password analysis and pattern detection attacks using the Password Analysis and Cracking Kit. You can download slides for the presentation here.

    The conference itself was an absolute blast with great organization by Per Thorsheim and Jeremi Gosney. The conference gathered a fascinating crowd which spawned hours of great discussions on password security, cryptography, politics and everything in between. However, I especially enjoyed meeting in real life with many members of Team Hashcat.

    Team Hashcat had another great run at the CMIYC during Defcon where we placed 2nd. As always I ended up spending most of the conference in the hotel room or the chill room at Defcon, but that's part of the fun doing contests. Russia-based team Inside-Pro placed first by scoring more points on harder hashes, молодцы ребята!

    Today, I have finally finished writing documentation for the many changes and adding the final polish to the next release of PACK 0.0.4. There should be noticeable performance bumps for all of the tools in the toolkit especially Rulegen which is now finally using multiple CPU cores. You should also try out the completely rewritten 'maskgen' which is now capable of generating highly optimized mask collections for use with Hashcat suite of tools (see presentation slides above for more details). Enjoy and most importantly have fun with password cracking! Read more.

    automatic password rule analysis and generation

    The field of password cracking has evolved by leaps an bounds over the last decade with the introduction of new cracking techniques, more advanced software and significantly faster hardware. One area which I find most fascinating is rule-based cracking. An attacker can develop a set of word mangling rules (e.g. substitute all 'a's to '@'s, upper-case every third letter, etc.) in order to attack non-random passwords which use slightly modified dictionary words. The purpose of this research is to develop an automated method of analyzing a large body of leaked passwords in order to come up with a list of frequently used words and rules to make up passwords. Read more.

    hackers 95

    Hackers 95 is an independent documentary by Phone-E and RF Burns shot during the summer of 1995. The documentary covers hacker happenings during that summer including Summercon and Defcon III. There are plenty of interviews and random clips from these two conferences. The documentary also includes a separate segment on Area 51 as well as a Secret Service press release on Operation Cybersnare. Read more.

    orapass des

    Download orapass-des.py
    Size 1.6 KB
    DateFebruary 21st, 2009
    Version0.1

    Orapass implements Oracle's older DES-based password hashing algorithm. This script can be used for password strength audit and recovery. Uses Python Crypto library. Read more.

    john the ripper

    John the Ripper is a multi-platform password cracking tool. Read more.

    disinformation

    Great documentary featuring CDC (Cult of the Dead Cow). It offers a revealing view of security industry and hacker culture in the late 90s. There is also plenty of discussion on Back Orifice and its impact on the security industry. Read more.

    orapass sha1

    Download orapass-sha1.py
    Size 605 bytes
    DateAugust 17th, 2011
    Version0.1

    Orapass SHA1 implements Oracle's newer SHA1-based password hashing algorithm. This script can be used for password strength audit and recovery. Uses Python Hashlib library. Read more.

    cybercops

    Cybercops is a Channel 4 UK documentary first aired on December 21st 2000. The documentary explores threats to the e-commerce at the turn of the century and the work done by various private companies and law enforcement agencies to defend it and to prosecute the offenders. Read more.

    the dutch hacker video

    A video recording produced by the 2600 Magazine showing an attack on a US Army computer during the summer of 1991. Read more.



    π
    ///\oo/\\\