[Dshield] Password Cracking Software
ltr at isc.upenn.edu
Thu May 3 14:22:15 GMT 2007
To add a bit more information to this so folks get an understanding at what
I am trying to get at. A while back we were looking at having IT folks here
at Penn use password cracking software against various systems as part of a
security assessment. L0phtCrack was a legitimate application (legit in this
case means Symantec didn't detect it as evil). We were planning on talking
to @Stake about a site license. If we are going to make recommendations of
specific software to use in reality it can't be one that would be detected
by AV software by default.
Since Rainbow Tables is the big thing now I downloaded Ophtcrack and as soon
as I began the install it pwdump was detected by Symantec. So, if we
recommend software to our Penn IT Community we really can't tell them they
need to stop the AV software from detecting it. If that makes sense.
David Taylor //Sr. Information Security Specialist
University of Pennsylvania Information Security
Philadelphia PA USA
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Sue Young
Sent: Friday, February 23, 2007 2:51 PM
To: General DShield Discussion List
Subject: Re: [Dshield] Password Cracking Software
I usually turn off my antivirus when I use such things. McAffee has an
option to allow "PUPS" potentially unwanted programs so I can use Cain and
Metasploit on my Windows laptop.
Sue Young, CISSP
On 2/23/07, David Taylor <ltr at isc.upenn.edu> wrote:
> Hi all,
> Since @Stake was acquired by Symantec L0phtCrack is no longer
> available. As
> far as I know it was the only professional quality (with support, etc)
> software available for this purpose. Does anyone know of other software
> that would fit this bill?
> I know there are a lot of applications out there such as John the Ripper,
> Cain, etc but we are looking for one that would, by default, not get
> detected by Anti-Virus software.
> David Taylor //Sr. Information Security Specialist
> University of Pennsylvania Information Security
> Philadelphia PA USA
> (215) 898-1236
> SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses
> taught by our top rated instructors plus a huge vendor tools expo.
> Register Today! http://www.sans.org/info/2501 (BROCHURECODE: ISC)
SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses
taught by our top rated instructors plus a huge vendor tools expo.
Register Today! http://www.sans.org/info/2501 (BROCHURECODE: ISC)
More information about the list