Hacking the Windows XP password, even on restricted user accounts

sezar

Registered User
Join date: 24 March 2006
Posts: 245
Likes: 54
Age: 34
Location: Tehran
Let me also add that the best way to find the Windows password is the system's hash files. There are other ways to hack the password too, such as a dictionary attack. If you know C, I can send you the source code of l0pht crack 3. If you want it, send me a message and I'll post it for you.
 

saeedsmk

Retired moderator
Join date: 6 September 2003
Posts: 1,518
Likes: 4
Hello,
I hope you're well.
Sezar, can you send me the code?
Thanks
 

sezar

Registered User
Join date: 24 March 2006
Posts: 245
Likes: 54
Age: 34
Location: Tehran
Friends, I got the mechanism of how it works from Dr. Mudge himself, whom I had emailed. In my opinion it's better to first understand how it works and then look at the source. Right now I'll write out the text of my own email to him, and next time I'll post the sources for you.
I figured I'd let you work a bit professionally!!


Code:
Date: Thu, 24 Jul 2005 10:24:37 -0400
From: Who cares what the hell goes into a Gecos field anyway!
    <[email protected]>
To: [email protected]
Subject: Windows NT rantings from the L0pht
 
I didn't ask to be cc'd into the rantings of the MS Borg Marketing
Juggernaut but since I'm here...

I find this hilarious. The people at MS should know better.

I haven't been following this thread tremendously but I've seen
bits and pieces. Recently there was an atrocious article in WindowsNT
magazine, where they stated it would take 5000 or so years to break the
passwords; thus put policy in place to have users change their passwords
every 2500 years. HELLO? I think these people aren't getting it.

Let's shed some light on things shall we?

1. Thank you very little MS for dropping any reference to the l0pht,
hobbit, or myself in reference to your recent LM-Hash fix. If this
is how you "correspond" with people who point out problems to you it's
no wonder that people prefer to release things to the public instead
of your "proper" channels.

2. MS agrees that the LM hash is a horrible implementation from a
security standpoint. They respond with: "well we didn't write the
protocol that was IBM".

3. When MS had the chance to do things a different way (ie Network
challenge/response obfuscation on NT boxes) they implemented it based
upon LM techniques to break up components (see #2).

4. The LM-hash fix works great if you don't have anything but NT machines
on your network. If you want to continue being "productive" with your
win95 machines it is my understanding that you "do it insecurely" or
you are S.O.L.

5. Few places are running "nothing but NT" (ie just about everyone
has 95 or WfW boxes if MS has already gotten their foot in the door).
(see #4)

6. MS can't swallow their pride enough to say "oops", even in
technical circles where they don't have to worry about the general public
mis-interpreting things.

7. For the LM hash you only have to break 7 characters, not 14!

8. MS keeps talking about the NT hash being so secure while refusing to
talk about how weak the LM hash is. Guess what, you probably won't be able
to use the "added security" of the NT hash on your network. Why keep
talking about something people can't use?

9. Even though the NT hash spec says you can have up to 128 char
passwords, I'd really like someone to show me how they can type more
than 14 characters into UserManager before it starts Beep-Beep'ing at
them.

10. We demonstrate up front with proof of concept code in L0phtcrack v1.0,
and L0phtcrack v1.5 that the following is indeed the case.

For those that don't know, L0phtcrack v1.5 will attack the challenge
response done over the network. The reason we came out with this was that
the SYSKEY "fix" that MS came out with only managed to emasculate the
ADMINISTRATOR and not address the actual problem. Can we say "save
face"? I knew we could.

L0phtcrack v1.5 is available for FREE from http://www.L0pht.com (that's
a ZERO after the 'L', not an 'o'). It comes with source so you can build
it on just about any platform.  It is proof-of-concept code and thus
could be sped up tremendously.

Now, let's rip apart why it is so trivial to go through the LM hash on the
network. And then talk about why the NT hash doesn't matter.
 
--------------------------    -----------------------------
|     16byte LM hash       |  |   16byte NT hash (md4)      |
--------------------------    -----------------------------

We already know that you only have to go through 7 characters to retrieve
passwords (up to 14 chars in length) in the LM hash, and that since there
is no salting being done, constants show up all over the place giving away
too much information and speeding up attacks tremendously.

 -------------------------------------------------
| 1st 8bytes of LMhash  | second 8bytes of LMhash |
 -------------------------------------------------

1st 8 bytes are derived from the first seven characters of the password
and the second 8 bytes are derived from the 8th through 14th characters of
the password. If the password is less than 7 characters then the second
half will always be: 0xAAD3B435B51404EE.

Let's assume for this example that the user's password has a LM hash of
0xC23413A8A1E7665fAAD3B435B51404EE (which I'll save everyone the
nanosecond it would have taken for them to plug this into L0phtcrack and
have it tell them the password is "WELCOME").

Here's what happens to this hash on the network:

 --------                  --------
|   A    | <______________|  B     |
|        |                |        |
 --------                  --------

B sends an 8 byte challenge to A. (assume 0x0001020304050607)

Machine A takes the hash of 0xC23413A8A1E7665fAAD3B435B51404EE
and adds 5 nulls to it, thus becoming
0xC23413A8A1E7665fAAD3B435B51404EE0000000000.

The string 0xC23413A8A1E7665fAAD3B435B51404EE0000000000 is broken into
three groups of 7:

C23413A8A1E766   5fAAD3B435B514   04EE0000000000

The 7 byte strings are str_to_key'd (if you will) into 8 byte odd parity
des keys.

Now we have :

| 8byteDeskey1 |      | 8byteDeskey2 |    | 8 byteDeskey3 |

8byteDeskey1 is used to encrypt the challenge 0x0001020304050607. Let's
assume the result is 0xAAAAAAAAAAAAAAAA.

8byteDeskey2 is used to encrypt the challenge 0x0001020304050607. Let's
assume the result is 0xBBBBBBBBBBBBBBBB.

8byteDeskey3 is used to encrypt the challenge 0x0001020304050607. Let's
assume the result is 0xCCCCCCCCCCCCCCCC.

The three 8byte values are concatenated (!dumb!), and the 24 byte response
of 0xAAAAAAAABBBBBBBBCCCCCCCC is returned to the server. The server does
the same thing to the hash on its end and compares the result to the
24 byte response. If they match, it was the correct original hash.
 
Why this is boneheaded:
----------------------

7 char or less passwords.

    --------------------  --------------------  --------------------
   |   C23413A8A1E766   ||  5fAAD3B435B514    ||   04EE0000000000   |
    --------------------  --------------------  --------------------

The first thing we check is to see if the user's password is less than
8 characters in length. We do this by taking the 7 byte value of
0x04EE0000000000, turning it into an 8 byte odd parity DES key,
and encrypting it against the 8 byte challenge of 0x0001020304050607.
If we get the result of 0xCCCCCCCCCCCCCCCC then we are pretty sure
it's < 8 chars in length.

In order to be sure we can run through 0x??AAD3B435B514 (ie 256 possible
combinations) to see that 5f shows us the result is 0xBBBBBBBBBBBBBBBB,
proving that the password is less than 7 characters and also giving us
the last byte of the first half of the LM hash.

From this point, even assuming we're just joyriding and not worried about
optimizing the way this is done (believe me, there are much more
effective ways to do this that reduce the amount of time needed even
further... this whole thing is just showing that even a simplistic
attack works against this implementation), it's no different than
how a tool like L0phtcrack attacks the hashes in the registry.

8 char or greater passwords.

    --------------------  --------------------  --------------------
   |   C23413A8A1E766   ||  AC435F2DD90417    ||   CCD60000000000   |
    --------------------  --------------------  --------------------

The first thing to check is whether the password is less than 8 characters
in length. Deriving the 8 byte odd parity des key from 0x04EE0000000000
and encrypting against 0x0001020304050607 does not, in this case, give
us 0xCCCCCCCCCCCCCCCC, so we know that the password is 8 characters or
greater.

It takes us, in a worst case scenario, 65535 checks to figure out that
the 2bytes that are used in the last third are 0xCCD6. Even approaching
this in a completely brain-dead fashion (hey, turn-about is fair play),
you can go through your 7 digit combinations of characters for the
first third the same way you would the LM hash from the registry. This
will yield not only the first third of the response, but also the
first byte of the second third. Keep in mind that you already have the
last two bytes that made up the third third.

You could approach the middle third in the same fashion.

(note: this whole method that MS is doing screams for a precompute
table lookup attack - which given the small enough potential values
is not impossible by any means)

Thus, the challenge response is completely brute-forceable for the LM-hash.

MS made the "oversight" of still sending the LM-hash response along with
the NT response even when SP3 was installed. Thus it was a moot point
as to how tough or well done the NT hash might or might not be.

Since installing the LM-fix precludes continued use of windows 95 machines
in regards to talking to NT machines, it is still a moot point as to
how tough or well done the NT hash might or might not be.

The LM hash is incredibly weak and your more secure NT hash is brought
down to the lowest common denominator.
 
It would have been nice if you could type a password greater than 14chars
into the UserManager app.

.mudge

--------------------
http://www.l0pht.com/advisories.html - for more security related articles
                                      published by the L0pht
--------------------

         COMMERCIAL AND GOVERNMENT USERS PLEASE SEE THE END
         OF THIS FILE FOR LICENSING INFORMATION. FOR YOU THIS
         PROGRAM IS SHAREWARE, FOR ALL OTHERS IT IS FREE.

                        L0phtCrack 1.5
                        Released 7/12/97

         Available at http://www.l0pht.com/advisories.html

                        [email protected]
                        [email protected]
 
OVERVIEW

L0phtCrack 1.5 is a tool for turning Microsoft LANMAN and NT password
hashes back into the original clear text passwords.  The program
does this using dictionary cracking and also brute force.  L0phtCrack
1.5 returns not just the LANMAN password but the NT password up to 14
characters in length. L0phtcrack will read pwdump style output or take
network sniffer logs. The program is distributed as both a GUI and
in CLI form.

Version 1.0 of L0phtCrack was deficient because the graphical version
of the program did not support the brute force method that was in the
Command Line version which accompanied it.  This has been fixed for version
1.5.  The brute force efficiency has been improved and an option to select
the character set that makes up the password has been added.

The default behavior of the GUI is to do a dictionary attack on the
password file and then brute force the remaining uncracked passwords.
Sample password files are named pwfile.txt, pwfile2.txt, pwfile3.txt
and pwfile4.txt.  A 28000 word dictionary file is included named
wfile.txt.  You can dump passwords directly from L0phtCrack if you have
administrator rights.

L0phtCrack 1.5 includes the ability to dictionary attack or brute force
the network NT server challenge that is used to prevent the OWF from
going across the wire in its plaintext format.  Sample network sniffed
challenges are in files sniff.txt and sniff2.txt.  This means you
can get NT passwords without administrator privileges if you have network
access between the client and the server.

With only trivial modifications you can break the SMB signing options
and play man in the middle attacks. These 'signatures' are derived
in almost identical fashion as the challenge response is.

You can build the sniff files by hand using your favorite network analyzer
or wait for our tool which sniffs the network and builds these files.
The sniffing tool will be made available shortly.

Also to be made available shortly is a commercial multiprocessor
version, L0phtCrack/SMP 1.5 for NT and Solaris.  Contact [email protected]
for more information.

FILES IN THE EXECUTABLE DISTRIBUTION - LC15EXE.ZIP

lc_cli.exe is the command line version of the program.  Run this if you
think little status counters are sucking up all your performance or do not
need your hand held by point-and-click tools. Source
code for this program that will build on Win95/NT or Unix is included in the
source code distribution: lc15src.zip or lc15src.tar.gz

lc_gui.exe is the NT graphical version of L0phtCrack.

lc_guipro.exe is the NT graphical version of L0phtCrack that has been compiled
with Pentium Pro optimizations turned on.

lc_gui95.exe is Win95 graphical version of L0phtCrack. This version does not
support password dumping due to Win95 limitations.

FILES IN THE SOURCE DISTRIBUTION - LC15SRC.ZIP or LC15SRC.TAR.GZ

This archive contains all the source to build the command line version of
L0phtCrack 1.5.
 
PERFORMANCE

Dictionary cracking is extremely fast.  L0phtCrack running on a Pentium Pro
200 checked a password file with 100 passwords against an 8 Megabyte dictionary
file in under one minute.

Brute forcing is always an extremely CPU intensive operation.  We have worked
to optimize this in L0phtCrack 1.5.  L0phtCrack running on a Pentium Pro
200 checked a password file with 10 passwords using the alpha character set
(A-Z) in 26 hours.  The graphical version of L0phtCrack 1.5 features a
percentage done counter and a time remaining estimate so you can gauge when
the task will be complete. [note from mudge: try building the CLI version
on an ultrasparc using the compile flags in the Makefile provided - this
will make these figures look sloooooowwww ;-)]

The l0phtcrack1.5 GUI allows you to select one of 5 character sets to brute
force passwords that use more characters than A-Z.  As the character sets
increase in size from 26 characters to 68 the time to brute force the password
increases exponentially. The CLI version allows you to specify a file
containing your keyspace string via the '-k' option. Please keep in mind
that you should only be using UPPERCASE characters as we will derive the
lower case ones later in the cracking. [examine the source code if this
is unclear]

This chart illustrates the relative time for larger character sets.

Char                    Relative
Size    Iterations      Time

26      8353082582      1.00
36      80603140212     9.65
46      4.45502E+11     53.33
68      6.82333E+12     816.86

So if 26 characters takes 26 hours to complete, 36 characters (A-Z,0-9) would
take 250 hours or 10.5 days.  Now of course this is the worst case scenario of
the password being 99999999999999. A password such as take2asp1r1n would
probably be computed in about 7 days.  [mudge note: again, try this on
other architectures for better performance]
 
NT Server Challenge Sniffing

Here is a description of the challenge that takes place over the network
when a client, such as a Windows NT workstation, connects to an NT Server.

       [assuming initial setup etc...]

          8byte "random" challenge
    Client <---------------------- Server
    OWF1 = pad Lanman OWF with 5 nulls
    OWF2 = pad NT OWF with 5 nulls
    resp = E(OWF1, Chal) E(OWF2, Chal)
          48byte response (24byte lanman 24byte nt)
    Client -----------------------> Server

The client takes the OWF (all 16 bytes of it) and pads with 5 nulls.
From this point it des ecb encrypts the, now 21byte, OWF with the
8byte challenge. The resulting 24byte string is sent over to the
server who performs the same operations on the OWF stored in its
registry and compares the resulting two 24byte strings. If they
match the user used the correct passwd.

What's cool about this? Well, now you can take your sniffer logs
of NT logons and retrieve the plaintext passwords. This does not
require an account on the NT machine nor does it require previous
knowledge of the ADMINISTRATOR password.

The fact that these three responses are concatenated quickly gives
away the length of the password for the LM hash and the attack can
work backwards the same way the non-networked one does.

So even if you have installed Service Pack 3 and enabled SAM encryption
your passwords are still vulnerable if they go over the network.

Special thanks go out to:

- [email protected] for all the cool ideas and bare feet. Especially
  for his monster paper on CIFS problems.

- Jeremy Allison [email protected] - for the fantastic sleuthing with
  PWDump.

- [email protected] for some nice little code tips and general coolness.

- the people who did SAMBA for being nuts!

- the people who did libdes for being nuts!

- Yobie for always fighting giants.

If anyone makes modifications / improvements please mail the diffs to
[email protected].

We hope this tool is useful,

[email protected] , [email protected]
 
 
 
 
 
[SIZE=2][FONT=Arial]LICENSING INFORMATION LICENSING INFORMATION LICENSING INFORMATION [/FONT][/SIZE]
[SIZE=2][FONT=Arial]LICENSING INFORMATION LICENSING INFORMATION LICENSING INFORMATION[/FONT][/SIZE]
 
[SIZE=2][FONT=Arial]LHI TECHNOLOGIES, LLC  SOFTWARE LICENSE AGREEMENT [/FONT][/SIZE]
 
[SIZE=2][FONT=Arial]THIS IS A LEGAL AGREEMENT BETWEEN YOU AND LHI TECHNOLOGIES, LLC ("LHI").[/FONT][/SIZE]
[SIZE=2][FONT=Arial]CAREFULLY READ ALL THE TERMS AND CONDITIONS OF THIS AGREEMENT PRIOR TO USING[/FONT][/SIZE]
[SIZE=2][FONT=Arial]THE SOFTWARE. BY USING THE SOFTWARE YOU CONSENT TO BE BOUND BY THE TERMS OF[/FONT][/SIZE]
[SIZE=2][FONT=Arial]THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL THE TERMS OF THIS AGREEMENT, DO[/FONT][/SIZE]
[SIZE=2][FONT=Arial]NOT USE THE SOFTWARE. [/FONT][/SIZE]
 
[SIZE=2][FONT=Arial]***************************************************************************[/FONT][/SIZE]
[SIZE=2][FONT=Arial]IF YOU ARE A COMMERCIAL OR GOVERNMENTAL ENTITY THE GRAPHICAL EXECUTABLE[/FONT][/SIZE]
[SIZE=2][FONT=Arial]VERSIONS OF THIS SOFTWARE, ("L0PHTCRACK 1.5") ARE NOT FREE OF CHARGE.  IF[/FONT][/SIZE]
[SIZE=2][FONT=Arial]YOU USE THE SOFTWARE BEYOND THE EVALUATION PERIOD OF 7 DAYS YOU MUST MAKE A[/FONT][/SIZE]
[SIZE=2][FONT=Arial]PAYMENT OF $50 TO LHI.  PAYMENT MUST BE SENT TO: LHI, PO BOX 990857, BOSTON,[/FONT][/SIZE]
[SIZE=2][FONT=Arial]MA 02199. [/FONT][/SIZE]
[SIZE=2][FONT=Arial]****************************************************************************[/FONT][/SIZE]
 
[SIZE=2][FONT=Arial]THE GRAPHICAL EXECUTABLE VERSIONS ARE THE FILES NAMED: lc_gui.exe, [/FONT][/SIZE]
[SIZE=2][FONT=Arial]lc_guipro.exe and lc_gui95.exe CONTAINED IN THE ARCHIVE FILE lc15exe.zip[/FONT][/SIZE]
 
[SIZE=2][FONT=Arial]IF YOU ARE A NEITHER A COMMERCIAL NOR GOVERNMENTAL ENTITY YOU MAY USE THIS[/FONT][/SIZE]
[SIZE=2][FONT=Arial]SOFTWARE FREE OF CHARGE.[/FONT][/SIZE]
 
[SIZE=2][FONT=Arial]1.TITLE AND OWNERSHIP. The Software is owned by LHI[/FONT][/SIZE]
[SIZE=2][FONT=Arial]The Software is protected by United States and international copyright and[/FONT][/SIZE]
[SIZE=2][FONT=Arial]other laws. You may not remove, obscure, or alter any notice of[/FONT][/SIZE]
[SIZE=2][FONT=Arial]patent, copyright, trademark, trade secret, or other proprietary rights.[/FONT][/SIZE]
[SIZE=2][FONT=Arial]You may not reverse engineer, disassemble or de-compile the[/FONT][/SIZE]
[SIZE=2][FONT=Arial]Software nor may you permit anyone else to do so. [/FONT][/SIZE]
 
[SIZE=2][FONT=Arial]This license and your right to use the Software terminate automatically[/FONT][/SIZE]
[SIZE=2][FONT=Arial]if you violate any part of this Agreement. [/FONT][/SIZE]
 
3.DISCLAIMER OF WARRANTY AND LIMITATION OF LIABILITY.
THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY
OF ANY KIND, WHETHER EXPRESS OR IMPLIED. WITHOUT
LIMITATION, LHI DISCLAIMS ALL IMPLIED
WARRANTIES WITH RESPECT TO THE SOFTWARE, ITS
MERCHANTABILITY AND FITNESS FOR ANY PARTICULAR
PURPOSE. YOU ASSUME ALL RISK IN USING THE SOFTWARE.
IN NO EVENT WILL LHI BE LIABLE FOR INDIRECT,
INCIDENTAL OR CONSEQUENTIAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOSS OF INCOME, LOSS OF USE, OR
LOSS OF INFORMATION. IN NO EVENT WILL LHI BE
LIABLE FOR ANY DAMAGES, EVEN IF LHI SHALL HAVE
BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES
OR FOR ANY CLAIM BY ANY OTHER PARTY. CERTAIN STATES
DO NOT PERMIT EXCLUSIONS OF IMPLIED WARRANTIES OR
LIMITATIONS OF LIABILITY, SO THIS DISCLAIMER MAY NOT
APPLY TO YOU OR MAY APPLY TO YOU ONLY IN PART. YOU
MAY HAVE OTHER LEGAL RIGHTS WHICH VARY FROM STATE
TO STATE.
 
4.EXPORT COMPLIANCE. You may not export or reexport the
Software except in full compliance with all United States and other
applicable laws and regulations, including laws and regulations
pertaining to the export of computer software.
 
5.GENERAL. This Agreement constitutes the entire agreement between
you and LHI and supersedes any prior written or oral agreement
concerning the Software. It shall not be modified except by written
agreement dated subsequent to the date of this Agreement and signed
by an authorized LHI representative. LHI is not bound by any
provision of any purchase order, receipt, acceptance, confirmation,
correspondence, or otherwise, unless LHI specifically agrees to
the provision in writing. This Agreement is governed by the laws of
the State of Massachusetts as if the parties hereto were both Massachusetts
residents; and you consent to exclusive jurisdiction in the state and
federal courts in Boston in the event of any dispute.
 
6.U.S. GOVERNMENT RESTRICTED RIGHTS. The Software is
provided with RESTRICTED RIGHTS. Use, duplication, or disclosure
by the Government is subject to restrictions as set forth in
subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer
Software clause at DFARS 252.227-7013 or subparagraphs (c)(1) and
(2) of the Commercial Computer Software Restricted Rights at 48
CFR 52.227-19, as applicable. Contractor/manufacturer is LHI
Technologies, LLC, PO Box 990857, Boston, MA 02199.
 

sezar

Registered User
Join date
24 March 2006
Posts
245
Likes
54
Age
34
Location
Tehran
That is the source itself. Mine is exactly the same as this one.
 

saeed_vb

Registered User
Join date
9 December 2005
Posts
647
Likes
10
Location
Around here
Thanks a lot
I'll go read some C code for old times' sake and see whether I can make anything of it :happy:
Good luck
 

sezar

Registered User
Join date
24 March 2006
Posts
245
Likes
54
Age
34
Location
Tehran
Good luck to you too...
 

darklord

Registered User
Join date
23 April 2005
Posts
1,085
Likes
1
Location
System32
The code is very complicated, though. Partway through, the coder suddenly got a wild idea and, for example, took a random number and XORed it with the original number... It is quite a spectacle in its own right...
 

sezar

Registered User
Join date
24 March 2006
Posts
245
Likes
54
Age
34
Location
Tehran
A small postscript:
----------------------
The authors of this program (LC5) are hackers who work as a group named l0pht, led by Dr. Mudge (dr.mudge), who is also the greatest hacker in the world (after Kevin Mitnick, of course). The group was formed 25 years ago by this same Dr. Mudge, a young man with a punk style (our own street-corner tough guy!), and they now work as part of the company @stack. If there is a hacker here, they probably know the software back orfice 2000 well. That software was written by Dr. Mudge and his friend, dill dog.
Also, the l0pht group is very proud of their LC program. If you ask them to write out their resume for you, they will fill 50 pages of it just describing l0pht crack. The picture below shows two of the key members of this hacking group.

[Image: hackers2.jpg]

Right: dill dog - Left: Dr.Mudge

---------------
I hope I have given you some useful information.
 

saeedsmk

Retired moderator
Join date
6 September 2003
Posts
1,518
Likes
4
Hello
Thanks for the source
Sezar, I wish you had written it out in full
-----------------------------------
Postscript:
I read this information somewhere back when I was looking for hacking programs and working in network security:
This group initially carried on its work as black-hat hackers.
That lasted until, because of hacking several sites and so on, they were pursued by the authorities. On the proposal that the group continue its activity in a positive direction (the work of white-hat hackers), the officials declared the pursuit called off.
But many hackers say this was just a game and that the group has still kept its underground circle.

Many programs have been made by this group, the best known of which is lc.
Basically, the artificial-intelligence and self-learning algorithms for finding passwords, decoding hashes, working on MD5 and so on, which are used in advanced hacking and brute-force programs, are written based on this group's work (or the group itself writes them).

All in all it is an interesting group - I was a fan of theirs at one time.

I hope this is of interest.
 

sezar

Registered User
Join date
24 March 2006
Posts
245
Likes
54
Age
34
Location
Tehran
Thank you for completing the topic...
 

saeed_vb

Registered User
Join date
9 December 2005
Posts
647
Likes
10
Location
Around here
New version added :happy: :happy: :happy:
 

sajjadstar

Registered User
Join date
9 January 2006
Posts
115
Likes
5
New version added :happy: :happy: :happy:

Hello
Man, no matter how hard I tried, I couldn't download it. If any of the guys has the latest version of FindUserPassword, please upload it and post the link, or Saeed, please take the trouble yourself and email it to me
For God's sake, just be quick, I'm stuck without this program
[email protected]
:(:(:(:(:(
 

saeed_vb

Registered User
Join date
9 December 2005
Posts
647
Likes
10
Location
Around here
Hello
Man, no matter how hard I tried, I couldn't download it. If any of the guys has the latest version of FindUserPassword, please upload it and post the link, or Saeed, please take the trouble yourself and email it to me
For God's sake, just be quick, I'm stuck without this program
[email protected]
:(:(:(:(:(

The download link has been fixed
 