Some of you may know, but then some of you may not. Yesterday I was mentioned on the CommandLine kung fu blog. Now it was no big deal, like new spolit found or new rockin code, but it's nice to be mentioned and associated with individuals such as Ed Skoudis and the other folks that maintain the blog. I submitted a question/suggestion for them to discuss command output redirection. They did an excellent job in covering the material and I hope a lot of people learned as much from it as I did! Thanks guys!
I did not get to testing the new l0phtcrack this weekend. I ended up playing with my Mac the whole time :) I'm just about completey over to it now. I'm giving Entourage a try over Outlook. So far it's not that bad. The only issue I have remaining is that the SANS @home sessions will not play on my Mac. I have a ticket open with them to try to fix this. It's not a show stopper though as I have VMWare fusion installed and running Windows 7 which runs the sessions fine. So long story short, I hope to get to testing soon. I'm tied up at work all weekend this weekend but maybe during my downtime I can see what I can do. I'm also trying to go through the SANS 560 and 561 class materials one last time before taking the GPEN test. My hope is to take it in the middle of next month so I can get started on my CISSP.
More later, hopefully a full review of l0pht vs. some of the other free password crackers out there!
Wednesday, June 17, 2009
Thursday, June 11, 2009
Life on a Mac
Well, I finally got my new Mac. In short, I'm really happy with it. I haven't had much time to actually play with it because of other things I have needed to do. So far though I am very happy with it. Yes happy enough that I will probably not purchase a PC laptop for the purpose of my personal use again! I have converted.
The major thing I'm trying to figure out is which way to go with virtualization. I have installed Parallels because I have seen some interesting things as far as it's interaction with the OS. Being able to just launch necessary Windows applications from the system and have it in a window like any other app is nice. I'm a big fan of VMWare so fusion it is obviously my other choice. I have a 14 day trial of Parallels and then I will attempt a trial of Fusion. I'm going to give them both a shot before I make my decision. With that siad though, that makes my complete move to the Mac not done yet. I still have the Dell close at hand. Mainly all of my email is in Outlook and my bookmarks are still on there. I do have data which needs to be moved still as well but those are about the only reason I'm not completely switched.
I have not moved Outlook over because I am not sold on a particular virtual application yet. I know Mac has the built in Mail client, maybe I'll switch to that too but I'm not sure yet. I choose to install Windows 7 in the virtual environment. So far to me it is pretty much Vista. It does seem to run well and there are some dialog box changes and some sort of change in workgroup that makes it almost seem domain like with a password for access and such. All of that investigation will be for anoher day. Anyway, short post, I just wanted to update. I still have plans on testing out the password tools this weekend and I will post the results here.
The major thing I'm trying to figure out is which way to go with virtualization. I have installed Parallels because I have seen some interesting things as far as it's interaction with the OS. Being able to just launch necessary Windows applications from the system and have it in a window like any other app is nice. I'm a big fan of VMWare so fusion it is obviously my other choice. I have a 14 day trial of Parallels and then I will attempt a trial of Fusion. I'm going to give them both a shot before I make my decision. With that siad though, that makes my complete move to the Mac not done yet. I still have the Dell close at hand. Mainly all of my email is in Outlook and my bookmarks are still on there. I do have data which needs to be moved still as well but those are about the only reason I'm not completely switched.
I have not moved Outlook over because I am not sold on a particular virtual application yet. I know Mac has the built in Mail client, maybe I'll switch to that too but I'm not sure yet. I choose to install Windows 7 in the virtual environment. So far to me it is pretty much Vista. It does seem to run well and there are some dialog box changes and some sort of change in workgroup that makes it almost seem domain like with a password for access and such. All of that investigation will be for anoher day. Anyway, short post, I just wanted to update. I still have plans on testing out the password tools this weekend and I will post the results here.
Monday, June 8, 2009
L0pth iz Back!
You read it correctly. The great password cracking tool is back in action. Many of you may remember this tool. It worked great and I know a lot of people that had it previously that still used it to this day. The tool was created by the L0pthcrack team some years ago. This was purchased by @stake which was then purchased by Symantec. For some reason at that time the tool disappeared from availability. This was a sad time in password cracking history. The good news is that it is now back and better than ever. I haven't installed it yet, as you may know I'm due to get my new Mac today and will probably reinstall this laptop with Windows 7 to get better performance. From what I am reading thought some of the new features are:
"
L0phtCrack 6 is packed with powerful features such as scheduling, hash extraction from 64 bit Windows versions, multiprocessor algorithms, and networks monitoring and decoding. Yet it is still the easiest to use password auditing and recovery software available.
Password Scoring
L0phtCrack 6 provides a scoring metric to quickly assess password quality. Passwords are measured against current industry best practices, and are rated as Strong, Medium, Weak, or Fail.
Pre-computed Dictionary Support
Pre-computed password files is a must have feature in password auditing. L0phtCrack 6 supports pre-computed password hashes. Password audits now take minutes instead of hours or days.
Windows & Unix Password Support
L0phtCrack 6 imports and cracks Unix password files. Perform network audits from a single interface.
Remote password retrieval
L0phtCrack 6 has a built-in ability to import passwords from remote Windows, including 64-bit versions of Vista, Windows 7, and Unix machines, without requiring a third-party utility.
Scheduled Scans
System administrators can schedule routine audits with L0phtCrack 6. Audits can be performed daily, weekly, monthly, or just once, depending on the organization's auditing requirements.
Remediation
L0phtCrack 6 offers remediation assistance to system administrators on how to take action against accounts that have poor passwords. Accounts can be disabled, or the passwords can be set to expire from within the L0phtCrack 6 interface. Remediation works for Windows user accounts only.
Updated Vista/Windows 7 Style UI
The user interface is improved and updated. More information is available about each user account, including password age, lock-out status, and whether the account is disabled, expired, or never expires. Information on L0phtCrack 6's current session is provided in an "immediate window" with a reporting tab providing up-to-the-minute status of the current auditing session."
To learn more check out their page at L0phtCrack. I'm going to run some benchmarks on this guy this coming weekend. I'm probably gonna put it up against 0phcrack and John the Ripper. Unfortunately, I do not have a 64bit machine to test with but the new Mac is multi core so we can see how much it can take advantage of it. That is if it runs well in a virtual environment as I don't see a Mac version.
"
L0phtCrack 6 is packed with powerful features such as scheduling, hash extraction from 64 bit Windows versions, multiprocessor algorithms, and networks monitoring and decoding. Yet it is still the easiest to use password auditing and recovery software available.
Password Scoring
L0phtCrack 6 provides a scoring metric to quickly assess password quality. Passwords are measured against current industry best practices, and are rated as Strong, Medium, Weak, or Fail.
Pre-computed Dictionary Support
Pre-computed password files is a must have feature in password auditing. L0phtCrack 6 supports pre-computed password hashes. Password audits now take minutes instead of hours or days.
Windows & Unix Password Support
L0phtCrack 6 imports and cracks Unix password files. Perform network audits from a single interface.
Remote password retrieval
L0phtCrack 6 has a built-in ability to import passwords from remote Windows, including 64-bit versions of Vista, Windows 7, and Unix machines, without requiring a third-party utility.
Scheduled Scans
System administrators can schedule routine audits with L0phtCrack 6. Audits can be performed daily, weekly, monthly, or just once, depending on the organization's auditing requirements.
Remediation
L0phtCrack 6 offers remediation assistance to system administrators on how to take action against accounts that have poor passwords. Accounts can be disabled, or the passwords can be set to expire from within the L0phtCrack 6 interface. Remediation works for Windows user accounts only.
Updated Vista/Windows 7 Style UI
The user interface is improved and updated. More information is available about each user account, including password age, lock-out status, and whether the account is disabled, expired, or never expires. Information on L0phtCrack 6's current session is provided in an "immediate window" with a reporting tab providing up-to-the-minute status of the current auditing session."
To learn more check out their page at L0phtCrack. I'm going to run some benchmarks on this guy this coming weekend. I'm probably gonna put it up against 0phcrack and John the Ripper. Unfortunately, I do not have a 64bit machine to test with but the new Mac is multi core so we can see how much it can take advantage of it. That is if it runs well in a virtual environment as I don't see a Mac version.
Thursday, June 4, 2009
iPhone fun
OK so it has been a while since I have posted. As some of you may already know, this is mainly because I am working back in the DC area. I am on a couple week contract as surge support in a NOC move. We shall see what happens after that.
So while on this contract I was given an iPhone to be contacted. I found this a great chance for me to see just how cool it was. Sure I have played with them before but not at the length of time that I have it for now. So far, I'm a fan. There are a lot of little cool apps that I find handy. It seems that the free ones have their downfalls sometimes but heck some of the good ones are only .99 cents! The best thing I have experienced with it is web browsing. I have a Samsung Omnia, this was as close as I could get to an iPhone on Verizon at this time. I like the Omnia but to be honest web browsing isn't easy enough to make me want to do it all of the time. It's a nice to have feature that I have used but mainly I use it for email and tethering. For those things, it rocks.
The iPhone, however, makes browsing a fun experience. It is so useful that I do it all of the time now. I attribute this to the way the browser resizes. Opera mobile has some of this ability but no where near the level that Safari does on this guy. It's also helpful to have normal headset jack. The Omnia requires an adapter which is a pain to carry. This guy just plugs up with your normal earbuds which makes it much more attractive. With that in mind, it makes me want to listen to more podcasts like the SANS storm center daily and pauldotcom weekly. I also purchased a nice RSS reader that imported my opal list of RSS feeds. The reader formats it nice and keeps me busy when I'm waiting for stuff.
Overall I'm happy with the device. I'm not a fan of AT&T still as I have complete dead zones on the phone when my Omnia is happy tethering me away at full 3G speeds. I will say though, if Verizon does get to offer the iPhone next year, I'm on it.
So while on this contract I was given an iPhone to be contacted. I found this a great chance for me to see just how cool it was. Sure I have played with them before but not at the length of time that I have it for now. So far, I'm a fan. There are a lot of little cool apps that I find handy. It seems that the free ones have their downfalls sometimes but heck some of the good ones are only .99 cents! The best thing I have experienced with it is web browsing. I have a Samsung Omnia, this was as close as I could get to an iPhone on Verizon at this time. I like the Omnia but to be honest web browsing isn't easy enough to make me want to do it all of the time. It's a nice to have feature that I have used but mainly I use it for email and tethering. For those things, it rocks.
The iPhone, however, makes browsing a fun experience. It is so useful that I do it all of the time now. I attribute this to the way the browser resizes. Opera mobile has some of this ability but no where near the level that Safari does on this guy. It's also helpful to have normal headset jack. The Omnia requires an adapter which is a pain to carry. This guy just plugs up with your normal earbuds which makes it much more attractive. With that in mind, it makes me want to listen to more podcasts like the SANS storm center daily and pauldotcom weekly. I also purchased a nice RSS reader that imported my opal list of RSS feeds. The reader formats it nice and keeps me busy when I'm waiting for stuff.
Overall I'm happy with the device. I'm not a fan of AT&T still as I have complete dead zones on the phone when my Omnia is happy tethering me away at full 3G speeds. I will say though, if Verizon does get to offer the iPhone next year, I'm on it.
Subscribe to:
Posts (Atom)
