Discussion in 'Technical' started by CATO, Jan 22, 2013.
Cracking tool milks weakness to reveal some Mega passwords | Ars Technica
Interesting, but as stated in the comments, Mega does not focus on security of the user, but rather the whole of the site itself.
And my favorite:
Wanna try something cool? Burn the 'LiveCD' and boot your Windows machine from CD. This is on SourceForge, not some viral/malware site.
Download ophcrack LiveCD
The latest version of ophcrack LiveCD is 3.4.0 (including ophcrack 3.4.0). There are three versions available:
» ophcrack XP LiveCD: cracks LM hashes (Windows XP and earlier)
» ophcrack Vista LiveCD: cracks NT hashes (Windows Vista and 7)
I was amazed at how fast (using Rainbow Tables) it cracked my work XP machine's login. Think 10's of seconds....
It's like a smart brute force.
This will not harm your system nor will it destroy anything. It simply opens your machine by discovering the correct user and password.
I've had OphCrack for a while now. I haven't got it to crack my password yet, but it has worked well on other attempts on my own PCs.
I am wondering if Mega could be used to pass Encrypted Files between users? It would seem to be designed for that purpose. It would seem to be better than DropBox for that application.
Interesting. Oph couldn't crack my U/P initially since it's a network login, not actually stored in the SAM. It was quite successful at opening the local admin user/pass creds that were installed when IT set up the system. From there, it was simple to modify myself to be a local admin on the machine.
My work passwords typically use aaaaaa11!@ characters but it unzipped my newly modified credentials in around 35 seconds. Now, this was on XP and I think that MS may have added a few other layers of hash to W7.
Speaking of hash... be back later
@melbo lol! Hey, do you remember that diagnostics security tool "Gold Scan"? I still have a copy, but I wonder if there's one for Win XP 64 bit?
Sure. I've done it. One thing that works well is the lack of context for the transfer of an encrypted file that contains a password that doesn't link to any application or username. Use S/MIME or PGP to direct a user (who mentally knows what it's going to unlock) to an encrypted file containing the PW. Add a few more layers and hops and I bet it's pretty good.
edit to add: not done this on Mega but utilizing other sharing sites.
This is similar to the Site where the MonkeyNet distribution is stored offshore.... All you have is an IP address, and an access Code... No DNS, OR DOMAIN Name present at all, Zero, Nada, Zip.... And it regurgitates the Directory as a complete download. We also have a DropBox URL that does the same thing. I use the DropBox one, but have only tested the other, and do NOT keep its addy anywhere local. It is stored elsewhere on HD, that I can only get to by going thru a party that is two people removed from "Me" that I do NOT know and have never communicated with. This is how my ANONYMOUS Connection Works. Blind Comms, thru a Stored Phrase PAD, AND Fourth Parties....
No. I don't know of Gold Scan.
I do, however, remember when my college PC (a 286 w/ the 287 Math Co-processor option) booted to a C:/ prompt and I had to run XTree to get a pseudo-graphical list of all DIRs and FILES on the 40MB HD. Ahh, those were the days - hA!, just realized that was pre-Linux (by a year). My Uncle is a MS Certified something or other and I distinctly remember him telling me that Windows (Which was an Application rather than an OS at the time) was just a fad, "Why would you want to open more than one program at a time?" lol
OK. back to Hash
1984 all over again... Apple rules ....
Love the scalp tattoo...