Cracking Unix Passwords Brute Force - Viper

Viper is a prute force UNIX-style password cracker for passwords encrypt with crypt. It has been developed from Hale's viper 1.4 Perl program. While there are other more powerful crack programs out, this one is about studying the safety of passwords while hardware speed is increasing drastically. If I remember right, I read that on a PDP-11 the password generation took 30 seconds. Now we can do more then 230.000 generations per second on a single CPU core of a single system, increasing speed by a factor of several million. Still, there is some time to go for a 8-character password on full keyspace, see keyspace.txt.

Originally, the ufc-crypt implementation seemed to be the fastest crypt function around, using it made porting the program to different platforms easy.

Viper runs under Linux, Solaris, HPUX and DOS/Windows.


Usage 

Viper v1.6 (Hale 05/12/2000) - C version by Frank4DD (05/05/2014)
Wiltered Fire - www.wilter.com/wf, incl. bugfixes by David C. Rankin

        -f     File to load password from (required unless using lsf)
        -u     Username to load from file (required unless using lsf)
        -lsf   Load saved file from previous session
        -pf    Save progress to file at update interval
        -rf #        Amount of time in hours to run for (default infinite)
        -c #         Character set from charset.ini to use (default 1)
        -pws #       Minimum password length (starting value, default 1)
        -pwl #       Maximum password length (default 8 - maximum 16)
        -ui #        Console update interval (in minutes - default 10)

        -v           Verbose output




Usage Example 

susie112:/home/me/viper-1.6/src # ./viper -f passwd -u root -ui 1 -v

Viper v1.6 (Hale 05/12/2000) - C version by Frank4DD (05/05/2014)
Wiltered Fire - www.wilter.com/wf, incl. bugfixes by David C. Rankin

Found: user root pw:reUJbHrFWYCQk
Found: Charset 0 in charset.ini
...command line parameters loaded.
Character set is 93 chars long
Starting crack on: Sun Oct  3 23:04:44 2009
Cracking for pass length 1 (93 possibilities)
Cracking for pass length 2 (8649 possibilities)
Cracking for pass length 3 (804357 possibilities)
Cracking for pass length 4 (7.48052e+07 possibilities)

[ Length: | Last:    | CPS:    | Time Spent:      | Time Remaining:  | Done:  ]
-------------------------------------------------------------------------------
[    4    |     kq2r |  150000 | 000d:00h:01m:00s | 000d:00h:07m:18s | 12.03% ]

 The password has been located.
 Username : root
 Password : test
 Started  : Sun Oct  3 23:04:44 2009
 Finished : Sun Oct  3 23:06:30 2009
 Duration : 000d:00h:01m:00s


Viper exiting...



Latest Updates 

ºViper Version 1.5 has been updated to use the OpenSSL DES routines for encrypting. The UFC library has been dropped as outdated and even generating segfaults on some systems. There is a performance gain of approx. 25% coming from the OpenSSL libraries. In addition to the libraries, the OpenSSL headers (dev package) need to be installed in order to be able to compile Viper. 

ºViper Version 1.6 received bugfixes thanks to David C. Rankin. 


See also http://fm4dd.com/sw/viper/ 

Download Viper

Read More

Perl Brik Platform - Metabrik

Smartphones have their apps, Web browsers have their apps, shells don’t. With Metabrik, we tried to merge the power of shells with the power of the Perl language by creating a platform allowing to quickly write reusable Briks.

Metabrik goals:

ºGlue the Perl language with a shell
ºGive a standardised API to write reusable Briks
ºSelf-documented Briks to make them easy to use
ºOnly 4 main shell commands to remember: use, set, get, run

Metabrik features:

ºCompletion on Brik names, Commands and Attributes
ºCompletion on file manipulation
ºCompletion on Perl variable names
ºCommand history and recalling
ºCustomization support with a .rc file
ºScripting support
ºMultiple Brik repositories support

Metabrik helps you to concentrate on scenarios instead of wasting your time searching how to use a program. You just have to reuse available Briks to perform your everyday job.

The two main ideas behind Metabrik are:

ºYou have the brain, code has the details
ºDo it once

Download Metabrik

Read More

Practical Reverse Engineering

Book Description:

Reverse engineering is the process of analyzing hardware or software and understanding it, without having access to the source code or design documents. Hackers are able to reverse engineer systems and exploit what they find with scary results. Now the good guys can use the same tools to thwart these threats. Practical Reverse Engineering goes under the hood of reverse engineering for security analysts, security engineers, and system programmers, so they can learn how to use these same processes to stop hackers in their tracks.

The book covers x86, x64, and ARM (the first book to cover all three); Windows kernel-mode code rootkits and drivers; virtual machine protection techniques; and much more. Best of all, it offers a systematic approach to the material, with plenty of hands-on exercises and real-world examples.





Source: allitebooks

By Offensive Sec

Read More

The Art of Memory Forensics

Book Description:

Memory forensics is the art of analyzing computer memory (RAM) to solve digital crimes. As a follow-up to the best seller Malware Analyst’s Cookbook, experts in the fields of malware, security, and digital forensics bring you a step-by-step guide to memory forensics – now the most sought after skill in the digital forensics and incident response fields.

Beginning with introductory concepts and moving toward the advanced, The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory is based on a five day training course that the authors have presented to hundreds of students. It is the only book on the market that focuses exclusively on memory forensics and how to deploy such techniques properly.






Source: allitebooks

By Offensive Sec

Read More

The InfoSec Handbook

Book Description:

The InfoSec Handbook offers the reader an organized layout of information that is easily read and understood. Allowing beginners to enter the field and understand the key concepts and ideas, while still keeping the experienced readers updated on topics and concepts.

It is intended mainly for beginners to the field of information security, written in a way that makes it easy for them to understand the detailed content of the book. The book offers a practical and simple view of the security practices while still offering somewhat technical and detailed information relating to security. It helps the reader build a strong foundation of information, allowing them to move forward from the book with a larger knowledge base.





Source: allitebooks

By Offensive Sec

Read More

The Manager’s - Guide to Web Application Security

Book Description:

The Manager’s Guide to Web Application Security is a concise, information-packed guide to application security risks every organization faces, written in plain language, with guidance on how to deal with those issues quickly and effectively. Often, security vulnerabilities are difficult to understand and quantify because they are the result of intricate programming deficiencies and highly technical issues. Author and noted industry expert Ron Lepofsky breaks down the technical barrier and identifies many real-world examples of security vulnerabilities commonly found by IT security auditors, translates them into business risks with identifiable consequences, and provides practical guidance about mitigating them.





Source: allitebooks

By Offensive Sec

Read More

Threat Modeling

Book Description:

Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now, he is sharing his considerable expertise into this unique book. With pages of specific actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You’ll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies.





Source: allitebooks

By Offensive Sec

Read More

What Is Computer Science?

Book Description:

This engaging and accessible text addresses the fundamental question: What Is Computer Science? The book showcases a set of representative concepts broadly connected by the theme of information security, for which the presentation of each topic can be treated as a “mini” lecture course, demonstrating how it allows us to solve real problems, as well as how it relates to other subjects. The discussions are further supported by numerous examples and practical hands-on exercises. Features: presents a concise introduction to the study of algorithms and describes how computers work; introduces the concepts of data compression, and error detection and correction; highlights the role of data structures; explores the topic of web-search; reviews both historic and modern cryptographic schemes, examines how a physical system can leak information and discusses the idea of randomness; investigates the science of steganography; provides additional supplementary material at an associated website.





Source: allitebooks

By Offensive Sec

Read More

Computer Security – ESORICS 2013

Book Description:

This book constitutes the refereed proceedings of the 18th European Symposium on Computer Security, ESORICS 2013, held in Egham, UK, in September 2013.

The 43 papers included in the book were carefully reviewed and selected from 242 papers. The aim of ESORICS is to further the progress of research in computer security by establishing a European forum for bringing together researchers in this area, by promoting the exchange of ideas with system developers and by encouraging links with researchers in related areas. The papers cover all topics related to security, privacy and trust in computer systems and networks.





Source: allitebooks

By Offensive Sec

Read More