Password Auditing Tools

A VPN (virtual private network) is often used to secure communication over a public network. Many security specialists advise using it on public Wi-Fi to encrypt all traffic and make it impossible for an outsider to sniff information, or to provide remote access to an offsite user. But after implementing the VPN connection, there is a testing phase for user authentication.

Now the question is: who said that cracking the password for a VPN account is impossible?

The THC group has proved that this is achievable by using THC PPTP bruter. This software is a brute forcer for the PPTP protocol (1723/TCP). The tool works only if the authentication servers are using Microsoft Windows CHAP v2, and it can be used for Windows and Cisco gateways.

The good point of bruter is that you can attempt up to 300-400 passwords, depending on packet delivery speed. So the operation time depends on how many bytes long your password is (8 or less is very risky) and on the network speed; counted in hours, we can try 14 million passwords per hour (but this can take less time if you know the password policy used by the organization). The only disadvantage of pptp-bruter is that we need some third-party libraries to compile the program.

Microsoft SQL servers also use authentication, and after implementing the database infrastructure, checking the security of user accounts is a must. Piggy 1.0.1 is a good tool for brute forcing and auditing passwords on Microsoft SQL Server. The good point of Piggy is that you can check multiple servers at the same time: after NMAP scans for the available services on the network, it provides the IP addresses of the servers with port 1433 (TCP), and Piggy automatically starts to audit the passwords of the user accounts on those servers, with a very high chance of finding those accounts by using a dictionary password attack.

Finally, here are some useful online links for cracking hashes:

http://passcracking.com/
http://www.hashchecker.com/index.php
http://www.milw0rm.com/
http://www.gdataonline.com/
http://www.md5hood.com/

And here is brute force in Python and Perl.
