[Dshield] Password Cracking Software

Ackley, Alex aackley at epmgpc.com
Thu May 3 15:17:24 GMT 2007


Symantec has the ability to create groups of computers.  It can also be
set to not look at a certain class of programs which they call "Hack
Tools" that can be excluded from real time scanning and/or set to not
look at a certain directory.  We use both and always install our tools
to a certain directory.

This allows us to use the tools like Cain and Metasploit without having
to shut down our AV software.  Symantec still detects the tools; it just
logs them and allows them to continue.  This way you can still look for
unauthorized installs and uses of the tools.

Alex Ackley, CISSP, GSEC
Security/System Admin
EPMG, PC

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of David Taylor
Sent: Friday, February 23, 2007 3:16 PM
To: 'General DShield Discussion List'
Subject: Re: [Dshield] Password Cracking Software

Thanks Sue,

To add a bit more information to this so folks get an understanding of
what I am trying to get at.  A while back we were looking at having IT
folks here at Penn use password cracking software against various
systems as part of a security assessment.  L0phtCrack was a legitimate
application (legit in this case means Symantec didn't detect it as
evil). We were planning on talking to @Stake about a site license. If we
are going to make recommendations of specific software to use, in
reality it can't be one that would be detected by AV software by
default.

Since Rainbow Tables is the big thing now, I downloaded Ophcrack and as
soon as I began the install, pwdump was detected by Symantec. So, if we
recommend software to our Penn IT Community we really can't tell them
they need to stop the AV software from detecting it.  If that makes
sense.


==================================================
David Taylor //Sr. Information Security Specialist
University of Pennsylvania Information Security 
Philadelphia PA USA
(215) 898-1236
http://www.upenn.edu/computing/security/
================================================== 


-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org]
On Behalf Of Sue Young
Sent: Friday, February 23, 2007 2:51 PM
To: General DShield Discussion List
Subject: Re: [Dshield] Password Cracking Software


I usually turn off my antivirus when I use such things.  McAfee has an
option to allow "PUPS" (potentially unwanted programs) so I can use Cain
and Metasploit on my Windows laptop.

Sue Young, CISSP

On 2/23/07, David Taylor <ltr at isc.upenn.edu> wrote:
>
>
> Hi all,
>
> Since @Stake was acquired by Symantec L0phtCrack is no longer
> available.  As far as I know it was the only professional quality
> (with support, etc) software available for this purpose.  Does anyone
> know of other software that would fit this bill?
>
> I know there are a lot of applications out there such as John the
> Ripper, Cain, etc but we are looking for one that would, by default,
> not get detected by Anti-Virus software.
>
> ==================================================
> David Taylor //Sr. Information Security Specialist
> University of Pennsylvania Information Security
> Philadelphia PA USA
> (215) 898-1236
> http://www.upenn.edu/computing/security/
> ==================================================
>
>
> _________________________________________
>
> SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses
> taught by our top rated instructors plus a huge vendor tools expo.
> Register Today! http://www.sans.org/info/2501 (BROCHURECODE: ISC)
>