«
Expand/Collapse
193 items tagged "hash"
Related tags:
linux [+],
vulnerability [+],
python [+],
proof of concept [+],
crackers [+],
attack [+],
php [+],
password [+],
hash table [+],
utility [+],
mac addresses [+],
mac [+],
iptables [+],
ipset [+],
hash values [+],
hash algorithms [+],
dumper [+],
configuration file [+],
bitmap data [+],
advanced [+],
administration [+],
Skype [+],
hash collision [+],
txt [+],
chaos communication congress [+],
service vulnerability [+],
xendesktop [+],
wang [+],
sha1 [+],
pwrite [+],
md4 [+],
mask [+],
manager [+],
libxml [+],
hash functions [+],
disclosure [+],
dan kaminsky [+],
clamav [+],
citrix [+],
aws [+],
denial of service [+],
collision [+],
xenserver [+],
web security [+],
web [+],
type [+],
tool [+],
table [+],
state [+],
security appliance [+],
security advisory [+],
router [+],
root user [+],
root [+],
receiver version [+],
rack [+],
php asp [+],
network storage [+],
nas [+],
md5 hash [+],
mcafee [+],
mandriva linux [+],
mandriva [+],
jruby [+],
help [+],
hash function [+],
hash code [+],
g wireless [+],
email [+],
drm systems [+],
crack [+],
coredump [+],
collisions [+],
brute force attack [+],
brute force [+],
bit [+],
belkin [+],
Bugs [+],
with [+],
whitepaper [+],
vectors [+],
unhash [+],
tar bz2 [+],
symmetric ciphers [+],
small linux [+],
shellcode [+],
shadow [+],
sha [+],
program [+],
poc [+],
perl script [+],
pdf [+],
paper [+],
p network [+],
multi [+],
moaub [+],
library [+],
libgcrypt [+],
kind [+],
java [+],
heap [+],
hashing functions [+],
hashing algorithms [+],
hashcat [+],
functionality [+],
ed2k [+],
dynpage [+],
damn [+],
cryptographic library [+],
crypt [+],
cpu [+],
cms systems [+],
cms [+],
calculator [+],
apr [+],
algorithms [+],
Newbie [+],
wpa tkip [+],
wordpress [+],
wlan [+],
vuln [+],
video [+],
unix c [+],
unix [+],
tuples [+],
traffic [+],
this [+],
there [+],
string [+],
stack [+],
solaris [+],
simple [+],
screen [+],
salve [+],
rubinius [+],
remote [+],
receiver [+],
realplayer [+],
read [+],
rainbowcrack [+],
public competition [+],
psk [+],
proxy support [+],
peripherie [+],
pa [+],
overflow vulnerability [+],
oracle [+],
openbsd [+],
online [+],
offline [+],
net [+],
month [+],
mode [+],
maradns [+],
logarithm [+],
list [+],
jean philippe aumasson [+],
javascript engine [+],
javascript [+],
ipad [+],
information disclosure [+],
ike main [+],
ike aggressive [+],
ike [+],
ibmaix [+],
ibm aix [+],
ibm [+],
hash tables [+],
hash md5 [+],
hash algorithm [+],
generator [+],
function [+],
ftpd [+],
ftp server [+],
finalists [+],
file [+],
fault injection [+],
engine [+],
encryption [+],
dos attack [+],
dos [+],
des [+],
dei [+],
darknet [+],
darkc [+],
cve [+],
computer [+],
competition [+],
coldfusion [+],
cisco unity [+],
christian rechberger [+],
chaos communication camp [+],
carp [+],
cap [+],
calculator version [+],
calculator v1 [+],
cain [+],
bugtraq [+],
bl4ck [+],
bittorrent [+],
asp [+],
appreciated [+],
antenna [+],
angebot [+],
analysor [+],
amazon ec2 [+],
amazon [+],
algoritmo [+],
algorithm [+],
aix [+],
adobe [+],
Wireless [+],
Support [+],
Hardware [+],
Countermeasures [+],
Area [+],
Angolo [+],
3 candidates [+],
gpu [+],
apache [+],
dictionary [+],
apache tomcat [+],
tomcat [+],
ruby [+],
hashes [+],
oclhashcat [+],
denial [+]
-
-
16:00
»
SecuriTeam
DAMN Hash Calculator v1.5.1 Local suffers from heap overflow vulnerability
-
-
19:03
»
Packet Storm Security Recent Files
ipset allows administration of sets of IP addresses/networks, ports, MAC addresses, and interfaces, which are stored in hash or bitmap data structures. These can then be used in conjunction with iptables to do fast presence lookups.
-
19:03
»
Packet Storm Security Tools
ipset allows administration of sets of IP addresses/networks, ports, MAC addresses, and interfaces, which are stored in hash or bitmap data structures. These can then be used in conjunction with iptables to do fast presence lookups.
-
19:03
»
Packet Storm Security Misc. Files
ipset allows administration of sets of IP addresses/networks, ports, MAC addresses, and interfaces, which are stored in hash or bitmap data structures. These can then be used in conjunction with iptables to do fast presence lookups.
-
-
16:00
»
SecuriTeam
Ruby is prone to a denial-of-service vulnerability.
-
-
15:57
»
Packet Storm Security Recent Files
Libgcrypt is a general-purpose cryptographic library based on the code from GnuPG. It provides functions for all cryptographic building blocks: symmetric ciphers (AES, DES, Blowfish, CAST5, Twofish, and Arcfour), hash algorithms (MD4, MD5, RIPE-MD160, SHA-1, and TIGER-192), MACs (HMAC for all hash algorithms), public key algorithms (RSA, ElGamal, and DSA), large integer functions, random numbers, and a lot of supporting functions.
-
15:57
»
Packet Storm Security Misc. Files
Libgcrypt is a general-purpose cryptographic library based on the code from GnuPG. It provides functions for all cryptographic building blocks: symmetric ciphers (AES, DES, Blowfish, CAST5, Twofish, and Arcfour), hash algorithms (MD4, MD5, RIPE-MD160, SHA-1, and TIGER-192), MACs (HMAC for all hash algorithms), public key algorithms (RSA, ElGamal, and DSA), large integer functions, random numbers, and a lot of supporting functions.
-
-
21:29
»
SecDocs
Authors:
Dan Kaminsky Tags:
cryptography Event:
Chaos Communication Congress 21th (21C3) 2004 Abstract: Joux and Wang’s multicollision attack has yielded collisions for several one-way hash algorithms. Of these, MD5 is the most problematic due to its heavy deployment, but there exists a perception that the flaws identified have no applied implications. We show that the appendability of Merkle-Damgard allows us to add any payload to the proof-of-concept hashes released by Wang et al. We then demonstrate a tool, Stripwire, that uses this capability to create two files – one which executes an arbitrary sequence of commands, the other which hides those commands with the strength of AES – both with the same MD5 hash. We show how this affects file-oriented system auditors such as Tripwire, but point out that the failure is nowhere near as catastrophic as it appears at first glance. We examine how this failure affects HMAC and Digital Signatures within Digital Rights Management (DRM) systems, and how the full attack expands into an unusual pseudosteganographic strikeback methodology against peer to peer networks.
-
21:29
»
SecDocs
Authors:
Dan Kaminsky Tags:
cryptography Event:
Chaos Communication Congress 21th (21C3) 2004 Abstract: Joux and Wang’s multicollision attack has yielded collisions for several one-way hash algorithms. Of these, MD5 is the most problematic due to its heavy deployment, but there exists a perception that the flaws identified have no applied implications. We show that the appendability of Merkle-Damgard allows us to add any payload to the proof-of-concept hashes released by Wang et al. We then demonstrate a tool, Stripwire, that uses this capability to create two files – one which executes an arbitrary sequence of commands, the other which hides those commands with the strength of AES – both with the same MD5 hash. We show how this affects file-oriented system auditors such as Tripwire, but point out that the failure is nowhere near as catastrophic as it appears at first glance. We examine how this failure affects HMAC and Digital Signatures within Digital Rights Management (DRM) systems, and how the full attack expands into an unusual pseudosteganographic strikeback methodology against peer to peer networks.
-
21:29
»
SecDocs
Authors:
Dan Kaminsky Tags:
cryptography Event:
Chaos Communication Congress 21th (21C3) 2004 Abstract: Joux and Wang’s multicollision attack has yielded collisions for several one-way hash algorithms. Of these, MD5 is the most problematic due to its heavy deployment, but there exists a perception that the flaws identified have no applied implications. We show that the appendability of Merkle-Damgard allows us to add any payload to the proof-of-concept hashes released by Wang et al. We then demonstrate a tool, Stripwire, that uses this capability to create two files – one which executes an arbitrary sequence of commands, the other which hides those commands with the strength of AES – both with the same MD5 hash. We show how this affects file-oriented system auditors such as Tripwire, but point out that the failure is nowhere near as catastrophic as it appears at first glance. We examine how this failure affects HMAC and Digital Signatures within Digital Rights Management (DRM) systems, and how the full attack expands into an unusual pseudosteganographic strikeback methodology against peer to peer networks.
-
21:29
»
SecDocs
Authors:
Dan Kaminsky Tags:
cryptography Event:
Chaos Communication Congress 21th (21C3) 2004 Abstract: Joux and Wang’s multicollision attack has yielded collisions for several one-way hash algorithms. Of these, MD5 is the most problematic due to its heavy deployment, but there exists a perception that the flaws identified have no applied implications. We show that the appendability of Merkle-Damgard allows us to add any payload to the proof-of-concept hashes released by Wang et al. We then demonstrate a tool, Stripwire, that uses this capability to create two files – one which executes an arbitrary sequence of commands, the other which hides those commands with the strength of AES – both with the same MD5 hash. We show how this affects file-oriented system auditors such as Tripwire, but point out that the failure is nowhere near as catastrophic as it appears at first glance. We examine how this failure affects HMAC and Digital Signatures within Digital Rights Management (DRM) systems, and how the full attack expands into an unusual pseudosteganographic strikeback methodology against peer to peer networks.
-
-
9:06
»
Packet Storm Security Exploits
LG NAS N2B1 Network Storage suffers from a remote username and password hash disclosure vulnerability. Firmware versions 2660 and below are affected.
-
9:06
»
Packet Storm Security Recent Files
LG NAS N2B1 Network Storage suffers from a remote username and password hash disclosure vulnerability. Firmware versions 2660 and below are affected.
-
9:06
»
Packet Storm Security Misc. Files
LG NAS N2B1 Network Storage suffers from a remote username and password hash disclosure vulnerability. Firmware versions 2660 and below are affected.
-
-
8:14
»
Packet Storm Security Recent Files
ipset allows administration of sets of IP addresses/networks, ports, MAC addresses, and interfaces, which are stored in hash or bitmap data structures. These can then be used in conjunction with iptables to do fast presence lookups.
-
8:14
»
Packet Storm Security Tools
ipset allows administration of sets of IP addresses/networks, ports, MAC addresses, and interfaces, which are stored in hash or bitmap data structures. These can then be used in conjunction with iptables to do fast presence lookups.
-
8:14
»
Packet Storm Security Misc. Files
ipset allows administration of sets of IP addresses/networks, ports, MAC addresses, and interfaces, which are stored in hash or bitmap data structures. These can then be used in conjunction with iptables to do fast presence lookups.
-
-
20:07
»
Packet Storm Security Recent Files
Hashes is a cross-platform tool that generates and injects different keys with the same hash code in order to test web applications against hash collision attacks. Written in Java. Has support for Java, PHP, ASP, and V8.
-
20:07
»
Packet Storm Security Tools
Hashes is a cross-platform tool that generates and injects different keys with the same hash code in order to test web applications against hash collision attacks. Written in Java. Has support for Java, PHP, ASP, and V8.
-
20:07
»
Packet Storm Security Misc. Files
Hashes is a cross-platform tool that generates and injects different keys with the same hash code in order to test web applications against hash collision attacks. Written in Java. Has support for Java, PHP, ASP, and V8.
-
-
21:45
»
SecDocs
Authors:
Christian Rechberger Tags:
cryptography Event:
Chaos Communication Camp 2007 Abstract: It is now already two years since the first theoretical attacks on the popular hash function SHA-1 have been announced. However so far nobody could show a collision for SHA-1. This talk surveys recent progress in the analysis of this hash function. How to contribute? Find out.
-
-
7:14
»
Packet Storm Security Recent Files
This paper describes an attack of the iterated use of hashing functions used as key stretching algorithms where the state of a hash can be transferred to the next hash function.
-
7:14
»
Packet Storm Security Misc. Files
This paper describes an attack of the iterated use of hashing functions used as key stretching algorithms where the state of a hash can be transferred to the next hash function.
-
-
17:14
»
Packet Storm Security Recent Files
The purpose of this paper is to make the reader aware of various Hash Cracking Techniques ranging from Basic to Advanced. The intended audience for this paper is those who have a basic understanding of hash cracking and password hashing algorithms.
-
17:14
»
Packet Storm Security Misc. Files
The purpose of this paper is to make the reader aware of various Hash Cracking Techniques ranging from Basic to Advanced. The intended audience for this paper is those who have a basic understanding of hash cracking and password hashing algorithms.
-
-
20:28
»
Packet Storm Security Recent Files
oclHashcat+ Advanced GPU hash cracking utility that includes the World's fastest md5crypt and phpass crackers and has the first GPGPU-based rule engine. Focuses on highly iterated modern hashes, single dictionary-based attacks, and more. 32-bit version.
-
20:28
»
Packet Storm Security Misc. Files
oclHashcat+ Advanced GPU hash cracking utility that includes the World's fastest md5crypt and phpass crackers and has the first GPGPU-based rule engine. Focuses on highly iterated modern hashes, single dictionary-based attacks, and more. 32-bit version.
-
19:50
»
Packet Storm Security Recent Files
oclHashcat+ Advanced GPU hash cracking utility that includes the World's fastest md5crypt and phpass crackers and has the first GPGPU-based rule engine. Focuses on highly iterated modern hashes, single dictionary-based attacks, and more. 64-bit version.
-
19:50
»
Packet Storm Security Misc. Files
oclHashcat+ Advanced GPU hash cracking utility that includes the World's fastest md5crypt and phpass crackers and has the first GPGPU-based rule engine. Focuses on highly iterated modern hashes, single dictionary-based attacks, and more. 64-bit version.
-
-
21:40
»
SecDocs
Tags:
BitTorrent Event:
Chaos Communication Congress 27th (27C3) 2010 Abstract: Distributed Hash Tables implement Routing and Addressability in large P2P networks. In the Kademlia adaption for Bittorrent a peer's address (NodeID) is to be generated randomly, or more appropriate: arbitrarily. Because randomness isn't verifiable, an implementation can advertise itself with popular NodeIDs or even change them on a per-packet basis. Two issues arise due this design problem: Amplification of UDP traffic Amplification of TCP traffic Anyone with a moderate bandwidth connection can induce DDoS attacks with the BitTorrent cloud. Starting with the prerequisites of BitTorrent, I will outline the importance of tracker-less operation and how Magnet links work. Distributed Hash Tables are explained pertaining to the Kademlia algorithm. It is most interesting how implementations maintain and refresh routing information, allowing a malicious node to become a popular neighbour quickly, and how traffic can be amplified in two ways. I will present packet rate analysis measured during tests on Amazon EC2. In conclusion it is explained how the problem of arbitrary NodeIDs can be avoided if the protocol was to be redesigned. A few words are to be given what client authors can do to alleviate the damage potential of the BitTorrent DHT.
-
-
17:08
»
Packet Storm Security Advisories
McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from a password cracking vulnerability.
-
17:08
»
Packet Storm Security Recent Files
McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from a password cracking vulnerability.
-
17:08
»
Packet Storm Security Misc. Files
McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from a password cracking vulnerability.
-
-
16:06
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2012-019 - tables/apr_hash.c in the Apache Portable Runtime library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service via crafted input to an application that maintains a hash table. APR has been upgraded to the latest version which holds many improvements over the previous versions and is not vulnerable to this issue.
-
16:06
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2012-019 - tables/apr_hash.c in the Apache Portable Runtime library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service via crafted input to an application that maintains a hash table. APR has been upgraded to the latest version which holds many improvements over the previous versions and is not vulnerable to this issue.
-
16:06
»
Packet Storm Security Misc. Files
Mandriva Linux Security Advisory 2012-019 - tables/apr_hash.c in the Apache Portable Runtime library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service via crafted input to an application that maintains a hash table. APR has been upgraded to the latest version which holds many improvements over the previous versions and is not vulnerable to this issue.
-
-
6:53
»
Packet Storm Security Exploits
PHP 5.3.x hash collision denial of service proof of concept exploit written in Python. It generates the payload on the fly and sends it to the server.
-
6:53
»
Packet Storm Security Recent Files
PHP 5.3.x hash collision denial of service proof of concept exploit written in Python. It generates the payload on the fly and sends it to the server.
-
6:53
»
Packet Storm Security Misc. Files
PHP 5.3.x hash collision denial of service proof of concept exploit written in Python. It generates the payload on the fly and sends it to the server.
-
-
9:49
»
Packet Storm Security Advisories
Most hash functions used in hash table implementations can be broken faster than by using brute-force techniques (which is feasible for hash functions with 32 bit output, but very expensive for 64 bit functions) by using one of two "tricks": equivalent substrings or a meet-in-the-middle attack.
-
9:49
»
Packet Storm Security Recent Files
Most hash functions used in hash table implementations can be broken faster than by using brute-force techniques (which is feasible for hash functions with 32 bit output, but very expensive for 64 bit functions) by using one of two "tricks": equivalent substrings or a meet-in-the-middle attack.
-
9:49
»
Packet Storm Security Misc. Files
Most hash functions used in hash table implementations can be broken faster than by using brute-force techniques (which is feasible for hash functions with 32 bit output, but very expensive for 64 bit functions) by using one of two "tricks": equivalent substrings or a meet-in-the-middle attack.
-
-
18:44
»
Carnal0wnage
There hasnt been much in the way of updates on breaking into VPN servers that have aggressive mode enabled.
ike-scan is probably still your best bet.
If you have no idea what i'm talking about go read this:
http://www.sersc.org/journals/IJAST/vol8/2.pdf and
http://www.radarhack.com/dir/papers/Scanning_ike_with_ikescan.pdf
In IKE Aggressive mode the authentication hash based on a preshared key (PSK) is transmitted as response to the initial packet of a vpn client that wants to establish an IPSec Tunnel (Hash_R). This hash is not encrypted. It's possible to capture these packets using a sniffer, for example tcpdump and start dictionary or brute force attack against this hash to recover the PSK.
This attack only works in IKE aggressive mode because in IKE Main Mode the hash is already encrypted. Based on such facts IKE aggressive mode is not very secure.
It looks like this:
$ sudo ike-scan 192.168.207.134
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
192.168.207.134 Notify message 14 (NO-PROPOSAL-CHOSEN) HDR=(CKY-R=f320d682d5c73797)
Ending ike-scan 1.9: 1 hosts scanned in 0.096 seconds (10.37 hosts/sec).
0 returned handshake; 1 returned notify
$ sudo ike-scan -A 192.168.207.134
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ikescan/)
192.168.207.134 Aggressive Mode Handshake returned HDR=(CKY-R=f320d6XXXXXXXX) SA=(Enc=3DES Hash=MD5 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800) VID=12f5f28cXXXXXXXXXXXXXXX (Cisco Unity) VID=afcad71368a1XXXXXXXXXXXXXXX(Dead Peer Detection v1.0) VID=06e7719XXXXXXXXXXXXXXXXXXXXXX VID=090026XXXXXXXXXX (XAUTH) KeyExchange(128 bytes) ID(Type=ID_IPV4_ADDR, Value=192.168.207.134) Nonce(20 bytes) Hash(16 bytes)
To save with some output:
$ sudo ike-scan -A 192.168.207.134 --id=myid -P192-168-207-134key
Once you have you psk file to crack you're stuck with two options psk-crack and cain
psk-crack is fairly rudamentary
to brute force:
$psk-crack -b 5 192-168-207-134key
Running in brute-force cracking mode
Brute force with 36 chars up to length 5 will take up to 60466176 iterations
no match found for MD5 hash 5c178d[SNIP]
Ending psk-crack: 60466176 iterations in 138.019 seconds (438099.56 iterations/sec)
Default is charset is "0123456789abcdefghijklmnopqrstuvwxyz" can be changed with --charset=
$ psk-crack -b 5 --charset="01233456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" 192-168-207-134key
Running in brute-force cracking modde
Brute force with 63 chars up to length 5 will take up to 992436543 iterations
To dictionary attack:
$psk-crack -d /path/to/dictionary 192-168-207-134key
Running in dictionary cracking mode
no match found for MD5 hash 5c178d[SNIP]
Ending psk-crack: 14344876 iterations in 33.400 seconds (429483.14 iterations/sec)
You may find yourself wanting a bit more flexibility or options during bruteforcing or dictionary attacking (i.e. character substition). For this you'll need to use
Cain. The problem I ran in to was Cain is a Windows tool and ike-scan is *nix. I couldnt get the windows tool that is floating around to work. Solution...run in vmware and have Cain sniff on your VMware interface. The PSK should show up in passwords of the sniffer tab, then you can select and "send to cracker". Its slow as hell, but more options than psk-crack.
-
-
15:45
»
Packet Storm Security Recent Files
oclHashcat+ Advanced GPU hash cracking utility that includes the World's fastest md5crypt and phpass crackers and has the first GPGPU-based rule engine. Focuses on highly iterated modern hashes, single dictionary-based attacks, and more. Linux and Windows binaries are included.
-
15:45
»
Packet Storm Security Misc. Files
oclHashcat+ Advanced GPU hash cracking utility that includes the World's fastest md5crypt and phpass crackers and has the first GPGPU-based rule engine. Focuses on highly iterated modern hashes, single dictionary-based attacks, and more. Linux and Windows binaries are included.
-
15:43
»
Packet Storm Security Recent Files
oclHashcat-lite Advanced GPU hash cracking utility that includes the World's fastest MD4, MD5, SHA1, and SHA256 cracker. It supports up to 16 GPUs and include binaries for both Linux and Windows.
-
15:43
»
Packet Storm Security Misc. Files
oclHashcat-lite Advanced GPU hash cracking utility that includes the World's fastest MD4, MD5, SHA1, and SHA256 cracker. It supports up to 16 GPUs and include binaries for both Linux and Windows.
-
15:43
»
Packet Storm Security Recent Files
oclHashcat GPU hash cracking utility that has multi-GPU and multi-hash support. It supports dictionary-based and mask-attacks for hybrid cracking. Linux and Windows binaries are included.
-
15:43
»
Packet Storm Security Misc. Files
oclHashcat GPU hash cracking utility that has multi-GPU and multi-hash support. It supports dictionary-based and mask-attacks for hybrid cracking. Linux and Windows binaries are included.
-
-
15:08
»
SecDocs
Authors:
Jean-Philippe Aumasson Tags:
cryptography alghoritm Event:
Hashdays 2010 Abstract: After the AES Competition in the late 90s, the US NIST is now running a public competition to select the future cryptographic hash SHA-3. In this talk, we’ll present the motivations behind this initiative, with a focus on the only Swiss candidate BLAKE, which is one of the few candidates left in the competition. Then we’ll describe new results on one of the SHA-3 candidates, and we'll discuss the applicability of fault injection attacks to the HMAC construction. Finally, we’ll argue that SHA-3 is not the end of the road, since SHA-3 candidates are all software-oriented algorithms too demanding for constrainted environments, and we’ll present a proposal for a lightweight hash (previously presented at CHES 2010).
-
-
8:12
»
Packet Storm Security Recent Files
oclHashcat-lite Advanced GPU hash cracking utility that includes the World's fastest MD4, MD5, SHA1, and SHA256 cracker. It supports up to 16 GPUs and include binaries for both Linux and Windows.
-
8:12
»
Packet Storm Security Misc. Files
oclHashcat-lite Advanced GPU hash cracking utility that includes the World's fastest MD4, MD5, SHA1, and SHA256 cracker. It supports up to 16 GPUs and include binaries for both Linux and Windows.
-
-
16:04
»
Packet Storm Security Recent Files
oclHashcat GPU hash cracking utility that has multi-GPU and multi-hash support. It supports dictionary-based and mask-attacks for hybrid cracking. Linux and Windows binaries are included.
-
16:04
»
Packet Storm Security Misc. Files
oclHashcat GPU hash cracking utility that has multi-GPU and multi-hash support. It supports dictionary-based and mask-attacks for hybrid cracking. Linux and Windows binaries are included.
-
15:09
»
Packet Storm Security Recent Files
oclHashcat+ Advanced GPU hash cracking utility that includes the World's fastest md5crypt and phpass crackers and has the first GPGPU-based rule engine. Focuses on highly iterated modern hashes, single dictionary-based attacks, and more. Linux and Windows binaries are included.
-
15:09
»
Packet Storm Security Misc. Files
oclHashcat+ Advanced GPU hash cracking utility that includes the World's fastest md5crypt and phpass crackers and has the first GPGPU-based rule engine. Focuses on highly iterated modern hashes, single dictionary-based attacks, and more. Linux and Windows binaries are included.
-
-
22:01
»
Packet Storm Security Recent Files
Month Of Abysssec Undisclosed Bugs - DynPage versions 1.0 and below suffer from local file disclosure and administrative hash disclosure vulnerabilities.
-
22:00
»
Packet Storm Security Exploits
Month Of Abysssec Undisclosed Bugs - DynPage versions 1.0 and below suffer from local file disclosure and administrative hash disclosure vulnerabilities.
-
22:00
»
Packet Storm Security Advisories
Month Of Abysssec Undisclosed Bugs - DynPage versions 1.0 and below suffer from local file disclosure and administrative hash disclosure vulnerabilities.
-
-
11:40
»
remote-exploit & backtrack
Salve a tutti!
Sono riuscito ad ottenere un HASH e una password in chiaro, credo che siano in DES(UNIX). C'è un modo per ricavare l'algoritmo di hashing?
Grazie,
Fandonius
-
-
21:23
»
remote-exploit & backtrack
Hello,
where does ipad keep its screen unlock paswword hash in file system?
thanks
-
-
13:35
»
Packet Storm Security Exploits
AIX 5l with FTP server remote root hash disclosure exploit. Creates a coredump including the root user hash from /etc/security/passwd. This is the second version that was written to be more portable between hosts.
-
19:02
»
Packet Storm Security Exploits
AIX5l with FTP server remote root hash disclosure exploit. Creates a coredump including the root user hash from /etc/security/passwd.
-
-
1:00
»
Packet Storm Security Tools
UnHash is a program that performs a brute force attack against a given hash. The hash can be MD5 or SHA1, and the program will auto-detect which one is given.
-
1:00
»
Packet Storm Security Recent Files
UnHash is a program that performs a brute force attack against a given hash. The hash can be MD5 or SHA1, and the program will auto-detect which one is given.
-
-
16:42
»
remote-exploit & backtrack
I set up a wireless network with WPA/TKIP encriptation to try to crack it.
I got the hash in a .cap file. I'd like to know if I can get the hash out of the cap file. I know I can run aircrack or cowpatty on the cap file with a wordlist or rainbow table but I'm curious about how to find the hash. I also would like to know if I can try to crack it like it was a MD5 hash.
Thanks for the attention.
-
-
5:55
»
remote-exploit & backtrack
Ist das ein gutes Angebot?
hxxp://cgi.ebay.de/ALFA-NETWORK-AWUS036H-1000mW-WLAN-USB-5dBi-antenna_W0QQitemZ250559645826QQcmdZViewItemQQptZDE _Computer_Peripherie_Netzwerk?hash=item3a5684c882
-
-
15:30
»
SecDocs
Tags:
cryptography Abstract: In this paper, we study the existence of multicollisions in it- erated hash functions. We show that finding multicollisions, i.e. r-tuples of messages that all hash to the same value, is not much harder than finding ordinary collisions, i.e. pairs of messages, even for extremely large values of r. More precisely, the ratio of the complexities of the attacks is approximately equal to the logarithm of r. Then, using large multi- collisions as a tool, we solve a long standing open problem and prove that concatenating the results of several iterated hash functions in or- der to build a larger one does not yield a secure construction. We also discuss the potential impact of our attack on several published schemes. Quite surprisingly, for subtle reasons, the schemes we study happen to be immune to our attack.
0day.today (was: 1337day, Inj3ct0r, 1337db) (199 unread)
OSVDB Vulnerabilities
Exploit-DB
SecurityFocus Vulnerabilities
Bugtraq
XSSed
Sophos security news
Penetration Testing
BackTrack Linux Forums
Threatpost
carnal0wnage.attackresearch.com
Darknet
The Exploitant
Hack a Day
Wirevolution
2:00