I had to make this blog post, about the Included Support for DES (Unix) hashes in Oclhashcat-plus new version 0.04
type: improvement
file: kernels
desc: added -m 1500 = descrypt, DES(Unix), Traditional DES
refe: http://hashcat.net/forum/thread-299.html
Though we are aware that DES hashes are old and not used in top notch security systems anymore. There are harder and better encryption algorithms out there.
But due to the ignorance of many Webmasters who think that implementing Strongbox or OCR Security at their login pages is the last step of security, they forget that the hashes need to be hard-to-decrypt as well.
"You close the Doors and we'll find the Windows to Get In "
Hola amigos!! ever thought of cracking DES hashes using the parallel processing power of GPUs?
oclhashcat-plus v0.04 has support for DES Unix Hashes.
You need to pass the -m 1500 argument at the command line while running oclhashcat
Hardware Support!
Now this is the most important part. You need to install ATI Catalyst 11.04 and ATI Stream SDK verison 2.4 installed.
However, I believe, it means that it has support for the latest drivers and SDK as well. But it can still run on older versions of SDK as long as you have the OpenCL support. I need to confirm this by running some tests.
In my case, I don't have a strong GPU. I am using an ATI Radeon HD Mobility 4570. ATI Radeon HD 4xxx series are supposed to be slow with oclhashcat due to bad OpenCL Support, so that's not good news for me. But it gives me a reason to go for better GPU now.
I want to decompile the m1500 kernels and read the code :) For my GPU the Kernel used will be: m1500.ATI RV710.64.kernel
The first biggest contribution of oclhashcat to me was the support for ATI Radeon HD Graphic Cards using OpenCL. And now they have DES Support, just pure awesomeness!!
Most of the passfiles retrieved from the servers by expoiting them; still have many DES hashes in them. Makes our life easier. Though down the line, we can expect stronger security mechanisms in Websites making it harder to intrude them.
After revisiting the bugs in some websites I already noticed that in the past 1 year they have advanced from DES to MD5 already.
"Who buys GPUs for gaming any more?!" :D
Listening Now: Kim Wilde - Words Fell Down
It's early in the morning, 4 AM and I am half asleep. But I thought of updating my blog with the new stuff that I am planning to work on.
Will be creating some Flash Intros for my videos to be uploaded in Youtube.
I'm going to need a Flash Intro and this will be decompiled and converted to FLA format, then edited with Adobe Flash CS5.
Sequence: Flash Intro -> FLA -> AVI
What is required?
Adobe Flash CS5 Professional
SWF Decompiler
Once again, my machine doesn't have enough of RAM to make this work. So, I'll have to give it some time before I can purchase a new faster machine.
Listening Now: Apoptygma Berzerk - Love To Blame
Will be creating some Flash Intros for my videos to be uploaded in Youtube.
I'm going to need a Flash Intro and this will be decompiled and converted to FLA format, then edited with Adobe Flash CS5.
Sequence: Flash Intro -> FLA -> AVI
What is required?
Adobe Flash CS5 Professional
SWF Decompiler
Once again, my machine doesn't have enough of RAM to make this work. So, I'll have to give it some time before I can purchase a new faster machine.
Listening Now: Apoptygma Berzerk - Love To Blame
This week, I was busy preparing for something to come up soon on my Youtube and Vimeo channels.
Pondering lately over how to make my videos more professional and catchy. How to make them a cut above the rest?
Alright, I got a nice theme as usual. Network Security Videos showing Latest Advanced Vulnerabilities in the Operating Systems with some cool Electro Music playing in the background.
But, for people who prefer a visual writeup instead of going through huge documents, I need to spice things up a bit!
So, I am using Camtasia Studio 7 for the videos I create. One conclusion I have come to is that I need more RAM for my PC. Since it doesn't have support for DDR3 Memory Modules and the latest processors, I need to purchase a new one.
For the time being, been setting up Lab for the experiments to be performed:
Lab Set up Accomplishments:
Ubuntu 11.04 Virtual Machine installed and configured OpenSSH on it.
Backtrack 4 VM installed.
Created a video to demonstrate the SSH Downgrade Attack using ARP Cache Poisoning.
Lab Set up for the coming videos:
Windows Server 2003 Enterprise Edition, SP2 VM
Windows XP Professional SP2 VM
Windows 7 Ultimate SP1 VM
Set up the Terminal Server on Windows Server 2003
Configure the Windows Server 2003 as a Domain Controller
Add other Windows VMs as a client to this domain
Perform Tests on RDP and test the vulnerabilities using Tsgrinder, TSCrack, Ncrack, rdesktop
Things to do:
Read the source code of rdesktop on Linux
Experiment with it in the Lab
Read about the patches made to rdesktop to include support for RDP version 5
Test the Heap Overflow Vulnerability in RDP version 5.1 and 5.2
Test rdpproxy and rdpprobe
Pondering lately over how to make my videos more professional and catchy. How to make them a cut above the rest?
Alright, I got a nice theme as usual. Network Security Videos showing Latest Advanced Vulnerabilities in the Operating Systems with some cool Electro Music playing in the background.
But, for people who prefer a visual writeup instead of going through huge documents, I need to spice things up a bit!
So, I am using Camtasia Studio 7 for the videos I create. One conclusion I have come to is that I need more RAM for my PC. Since it doesn't have support for DDR3 Memory Modules and the latest processors, I need to purchase a new one.
For the time being, been setting up Lab for the experiments to be performed:
Lab Set up Accomplishments:
Ubuntu 11.04 Virtual Machine installed and configured OpenSSH on it.
Backtrack 4 VM installed.
Created a video to demonstrate the SSH Downgrade Attack using ARP Cache Poisoning.
Lab Set up for the coming videos:
Windows Server 2003 Enterprise Edition, SP2 VM
Windows XP Professional SP2 VM
Windows 7 Ultimate SP1 VM
Set up the Terminal Server on Windows Server 2003
Configure the Windows Server 2003 as a Domain Controller
Add other Windows VMs as a client to this domain
Perform Tests on RDP and test the vulnerabilities using Tsgrinder, TSCrack, Ncrack, rdesktop
Things to do:
Read the source code of rdesktop on Linux
Experiment with it in the Lab
Read about the patches made to rdesktop to include support for RDP version 5
Test the Heap Overflow Vulnerability in RDP version 5.1 and 5.2
Test rdpproxy and rdpprobe