[Dshield] Password Cracking Software

Josh Cheney jcheney at mfx.net
Thu May 3 15:31:58 GMT 2007


David,
I think that we all understand what you are asking, but are not  
entirely sure *why* you need it to be that way. Regardless of what  
package/product you end up going with, it is a potentially malicious  
tool, and I would be contacting my AV vendor to express my  
displeasure if my AV solution *didn't* pick up a tool like this.

Presumably this isn't something that is going to be distributed to  
more than 10-20 people, which is a small enough sample that either  
they can deal with the warnings and click the allow button (or  
whatever it ends up being), or you could set up a machine (virtual or  
physical) that has this software installed and run all of the testing  
from there. I don't really see the need to distribute this software  
out to the IT group as a whole.

On Feb 23, 2007, at 3:15 PM, David Taylor wrote:

> Thanks Sue,
>
> To add a bit more information to this so folks get an understanding  
> at what
> I am trying to get at.  A while back we were looking at having IT  
> folks here
> at Penn use password cracking software against various systems as  
> part of a
> security assessment.  L0phtCrack was a legitimate application  
> (legit in this
> case means Symantec didn't detect it as evil). We were planning on  
> talking
> to @Stake about a site license. If we are going to make  
> recommendations of
> specific software to use in reality it can't be one that would be  
> detected
> by AV software by default.
>
> Since Rainbow Tables is the big thing now I downloaded Ophtcrack  
> and as soon
> as I began the install it pwdump was detected by Symantec. So, if we
> recommend software to our Penn IT Community we really can't tell  
> them they
> need to stop the AV software from detecting it.  If that makes sense.
>
>
> ==================================================
> David Taylor //Sr. Information Security Specialist
> University of Pennsylvania Information Security
> Philadelphia PA USA
> (215) 898-1236
> http://www.upenn.edu/computing/security/
> ==================================================
>
>
> -----Original Message-----
> From: list-bounces at lists.dshield.org [mailto:list- 
> bounces at lists.dshield.org]
> On Behalf Of Sue Young
> Sent: Friday, February 23, 2007 2:51 PM
> To: General DShield Discussion List
> Subject: Re: [Dshield] Password Cracking Software
>
>
> I usually turn off my antivirus when I use such things.  McAffee  
> has an
> option to allow "PUPS"  potentially unwanted programs so I can use  
> Cain and
> Metasploit on my Windows laptop.
>
> Sue Young, CISSP
>
> On 2/23/07, David Taylor <ltr at isc.upenn.edu> wrote:
>>
>>
>> Hi all,
>>
>> Since @Stake was acquired by Symantec L0phtCrack is no longer
>> available.  As
>> far as I know it was the only professional quality (with support,  
>> etc)
>> software available for this purpose.  Does anyone know of other  
>> software
>> that would fit this bill?
>>
>> I know there are a lot of applications out there such as John the  
>> Ripper,
>> Cain, etc but we are looking for one that would, by default, not get
>> detected by Anti-Virus software.
>>
>> ==================================================
>> David Taylor //Sr. Information Security Specialist
>> University of Pennsylvania Information Security
>> Philadelphia PA USA
>> (215) 898-1236
>> http://www.upenn.edu/computing/security/
>> ==================================================
>>
>>
>> _________________________________________
>>
>> SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses
>> taught by our top rated instructors plus a huge vendor tools expo.
>> Register Today! http://www.sans.org/info/2501 (BROCHURECODE: ISC)
>>
> _________________________________________
>
> SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses
> taught by our top rated instructors plus a huge vendor tools expo.
> Register Today! http://www.sans.org/info/2501 (BROCHURECODE: ISC)
>
>
>
> _________________________________________
>
> SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses
> taught by our top rated instructors plus a huge vendor tools expo.
> Register Today! http://www.sans.org/info/2501 (BROCHURECODE: ISC)
>

--
Josh Cheney
jcheney at mfx.net
http://www.joshcheney.com





More information about the list mailing list