[Dshield] Password Cracking Software

David Taylor ltr at isc.upenn.edu
Mon Feb 26 14:50:28 GMT 2007


Thanks for all the responses.  Much appreciated.


==================================================
David Taylor //Sr. Information Security Specialist
University of Pennsylvania Information Security 
Philadelphia PA USA
(215) 898-1236
http://www.upenn.edu/computing/security/
================================================== 


-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of David Taylor
Sent: Friday, February 23, 2007 4:38 PM
To: 'General DShield Discussion List'
Subject: Re: [Dshield] Password Cracking Software



To add a bit more information to this so folks get an understanding at what
I am trying to get at.  A while back we were looking at having IT folks here
at Penn use password cracking software against various systems as part of a
security assessment.  L0phtCrack was a legitimate application (legit in this
case means Symantec didn't detect it as evil). We were planning on talking
to @Stake about a site license. If we are going to make recommendations of
specific software to use in reality it can't be one that would be detected
by AV software by default.

Since Rainbow Tables is the big thing now I downloaded Ophtcrack and as soon
as I began the install it pwdump was detected by Symantec. So, if we
recommend software to our Penn IT Community we really can't tell them they
need to stop the AV software from detecting it.  If that makes sense.

==================================================
David Taylor //Sr. Information Security Specialist
University of Pennsylvania Information Security 
Philadelphia PA USA
(215) 898-1236
http://www.upenn.edu/computing/security/
================================================== 


-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of David Taylor
Sent: Friday, February 23, 2007 2:16 PM
To: General DShield Discussion List
Subject: [Dshield] Password Cracking Software



Hi all,

Since @Stake was acquired by Symantec L0phtCrack is no longer available.  As
far as I know it was the only professional quality (with support, etc)
software available for this purpose.  Does anyone know of other software
that would fit this bill?

I know there are a lot of applications out there such as John the Ripper,
Cain, etc but we are looking for one that would, by default, not get
detected by Anti-Virus software.

==================================================
David Taylor //Sr. Information Security Specialist
University of Pennsylvania Information Security 
Philadelphia PA USA
(215) 898-1236
http://www.upenn.edu/computing/security/
================================================== 


_________________________________________

SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses
taught by our top rated instructors plus a huge vendor tools expo.
Register Today! http://www.sans.org/info/2501 (BROCHURECODE: ISC)



_________________________________________

SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses
taught by our top rated instructors plus a huge vendor tools expo.
Register Today! http://www.sans.org/info/2501 (BROCHURECODE: ISC)





More information about the list mailing list