[Owasp-cincinnati] program to break weak encryption

Marco Morana marco.m.morana at gmail.com
Tue Sep 2 12:49:03 EDT 2008


Hi Yan

you can use John the Ripper for password cracking: http://www.openwall.com/john/

A good reference for other tools is herein
http://packetstormsecurity.org/Crackers/indexsize.html

Be careful when you use these tools since might trigger IDS alerts.

If you are not authorized for a security assessment and it is just for
your knowledge/research I suggest to use the tools with your PC off
the network.

Regards

Marco

p.s. Defcon had an interesting presentation on these tools herein
http://mirror.sweon.net/defcon16/Speakers/Weir/defcon-16-weir.pdf



On Tue, Sep 2, 2008 at 9:43 AM, Zhou, Yan <yzhou at medplus.com> wrote:
> Hi there,
>
>
>
> Is there any program that can break weak encryption?
>
>
>
> For example, the WebGoat lesson "Weak Authentication" uses weak encryption
> for a authentication cookie (see below). I wonder if there is any program
> that would take these input, guess the encryption algorithm, and show the
> encrypted value for some additional given input. This is not just a
> brute-force attack, the program would try to figure out encryption
> algorithm. I do not know if anyone has a link to such sites or program.
>
>
>
> 65432ubphcfx  for  webgoat
>
> 65432udfqtb    for   aspect
>
>
>
> Thanks,
>
> Yan Zhou
>
>
>
>
> Confidentiality Notice: The information contained in this electronic
> transmission is confidential and may be legally privileged. It is intended
> only for the addressee(s) named above. If you are not an intended recipient,
> be aware that any disclosure, copying, distribution or use of the
> information contained in this transmission is prohibited and may be
> unlawful. If you have received this transmission in error, please notify us
> by telephone (513) 229-5500 or by email (postmaster at MedPlus.com). After
> replying, please erase it from your computer system.
>
> _______________________________________________
> Owasp-cincinnati mailing list
> Owasp-cincinnati at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-cincinnati
>
>


More information about the Owasp-cincinnati mailing list