Cracking tool milks weakness to reveal some Mega passwords

Discussion in 'Technical' started by CATO, Jan 22, 2013.


  1. CATO

    CATO Monkey+++

  2. Brokor

    Brokor Live Free or Cry Moderator Site Supporter+++ Founding Member

    Interesting, but as stated in the comments, Mega does not focus on security of the user, but rather the whole of the site itself.

    And my favorite:
     
  3. melbo

    melbo Hunter Gatherer Administrator Founding Member

    Wanna try something cool? Burn the 'LiveCD' and boot your windows machine from CD. This is on SourceForge, not some viral/malware site
    Ophcrack
    Download ophcrack LiveCD

    The latest version of ophcrack LiveCD is 3.4.0 (including ophcrack 3.4.0). There are three versions available:
    • » ophcrack XP LiveCD: cracks LM hashes (Windows XP and earlier)
    • » ophcrack Vista LiveCD: cracks NT hashes (Windows Vista and 7)

    I was amazed at how fast (using Rainbow Tables) it cracked my work XP machine's login. Think 10's of seconds....
    It's like a smart brute force.

    This will not harm your system nor will it destroy anything. It simply opens you machine by discovering the correct user and password.
     
    Brokor likes this.
  4. CATO

    CATO Monkey+++

    Hacker......
     
  5. Brokor

    Brokor Live Free or Cry Moderator Site Supporter+++ Founding Member

    I've had OphCrack for a while now. I haven't got it to crack my password yet, but it has worked well on other attempts on my own PC's.
     
  6. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    I am wondering if Mega could be used to pass Encrypted Files between users? It would seem to be designed for that purpose. It would seem to be better than DropBox for that application.
     
  7. melbo

    melbo Hunter Gatherer Administrator Founding Member

    Interesting. Oph couldn't crack my U/P initially since it's a network login, not actually stored in the SAM. It was quite successful at opening the local admin user/pass creds that were installed when IT set up the system. From there, it was simple to modify myself to be a local admin on the machine [kissit]

    My work passwords typically use aaaaaa11!@ characters but it unzipped my newly modified credentials in around 35 seconds. Now, this was on XP and I think that MS may have added a few other layers of hash to W7.
    Speaking of hash... be back later [stoner]
     
    CATO likes this.
  8. Brokor

    Brokor Live Free or Cry Moderator Site Supporter+++ Founding Member

    @melbo lol! Hey, do you remember that diagnostics security tool "Gold Scan"? I still have a copy, but I wonder if there's one for Win XP 64 bit?

    Hrm...
     
  9. melbo

    melbo Hunter Gatherer Administrator Founding Member

    Sure. I've done it. One thing that works well is the lack of context for the transfer of an encrypted file that contains a password that doesn't link to any application or username. Use S/MIME or PGP to direct a user (who mentally knows what it's going to unlock) to an encrypted file containing the PW. Add a few more layers and hops and I bet it's pretty good.

    edit to add: not done this on Mega but utilizing other sharing sites.
     
  10. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    This is similar to the Site where the MonkeyNet distribution is stored offshore.... All you have is an IP address, and an access Code... No DNS, OR DOMAIN Name presents at all, Zero, Nada Zip.... And it regurgitates the Directory as a complete download. We also have a DropBox URL that does he same thing. I use the DropBox one, but have only tested the other, and do NOT keep its addy anywhere local. It is stored elsewhere on HD, that I can only get to by going thru a party that is two people removed from "Me" that I do NOT know and have never communicated with. This is how my ANNONOMOUS Connection Works. Blind Comms, thru a Stored Phrase PAD, AND. Fourth Parties....
     
  11. melbo

    melbo Hunter Gatherer Administrator Founding Member

    No. I don't know of Gold Scan.

    I do, however, remember when my college PC (a 286 w/ the 287 Math Co-processor option) booted to a C:/ prompt and I had to run XTree - Wikipedia, the free encyclopedia to get a sudo-graphical list of all DIRs and FILES on the 40MB HD. Ahh, those were the days - hA!, just realized that was pre-Linux (by a year). My Uncle is a MS Certified something or other and I distinctly remember him telling me that Windows (Which was an Application rather than an OS at the time) was just a fad, "Why would you want to open more than one program at a time?" lol


    OK. back to Hash [stoner]
     
  12. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    1984 all over again... Apple rules ....
     
  13. melbo

    melbo Hunter Gatherer Administrator Founding Member

    Love the scalp tattoo...
    linux-rules.
     
    BTPost and Brokor like this.
survivalmonkey SSL seal        survivalmonkey.com warrant canary
17282WuJHksJ9798f34razfKbPATqTq9E7