Monday, August 27, 2007
The Palm as a tool of the hacker (III): Passwords
Crack passwords is something that has always been of vital importance to gain access to protected computers: both to access in an unauthorized manner, and to regain access our password when we have been forgotten, or has just been changed by an attacker. Therefore can be used to try to enter a password file server which has been committed, or to precisely check that our security system is reliable before you pass it to production.
It is useful to know, however, that 99% of the attacks that are made to a system protected by passwords, can be rejected simply by choosing either our passwords. A poorly chosen password will always be the weak point of the system, as already discussed in posts devoted to how to create and manage good passwords with the Palm.
A good password protected to a large extent our system
Returning to the theme of this post, for these duties related to crack passwords, there are a large number of tools for Palm. Here are some:
- PalmCrack with a list of words burst trafficking in a UNIX password file (which use the Crypt () therefore not valid for a BSD), CISCO (type 7, is not valid for encryption type 5), or Windows NT ( Lanman of NT password hashes, hashes MD4 no response to challenge). If the program finds a list of words, used to try to crack passwords. Of course, the better this list will be the most effective program. If you can not find a word list, will attempt an attack by brute force. To create our own list we can use the Perl script PCMwDB.
palmCrack allows crack passwords for multiple systems
- MD5 can calculate an MD5 hash, or try to break it by brute force. Recommended PalmOS 5.
- Hydra is a Cracker login (authentication), flexible, fast and extensible, which supports the protocols Telnet, FTP, HTTP, HTTPS, HTTP-PROXY, SMB, SMBNT, MS-SQL, MYSQL, REXEC, CVS, SNMP, SMTP - AUTH, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ, SAP/R3, LDAP2, LDAP3, Teamspeak, Cisco auth, enable Cisco, Cisco LDAP2 and AAA (impressive list).
- NotSync demonstrates the simplicity with which you can obtain and decode the password of a system for Palm. This tool imitates the initials of hotsync steps, through the infrared port, to achieve just that. The program is proof of concept document called "Palm OS Password Retrieval and Decoding" and although it is not already available on its website, surely can be achieved by other means.
- Palm OS Password Lockout Bypass for Palm OS 3.5.2 and below. Using a back door of the operating system can be password and other data in the Palm, still blocked.
- If you have forgotten the password for your Palm, install No Security to remove the password without losing records locked. Password System Cleaner goes for the same. Sword crackea or replace the password for the Palm Pilot without knowing the existing one. Like the previous, used to enter the Palm when you forget the password, without losing your information confidential. It is shareware. PCack is another option, only valid for Palm OS 3.5.1 or earlier. Palm Password Cracker does the same thing but on the PC, without installing anything on the Palm. I have not managed to find on the internet, but surely it is somewhere.
There are different ways to skip the password for the Palm
- Finally, a curiosity that goes beyond the world of software to jump to the hardware. There are programs that using a mathematical algorithm reduces the number of possible combinations for a lock MasterLock, 64,000 of the original 64. SkeletonKey and Pmaster are two examples, but needed as a parameter of the numbers of the combination.
A Master Lock padlock
As we see, the world's most prolific cracking passwords, even for Palm. In the next post we will see how to convert our Palm at the ultimate tool for the hacking.
Posts in this series:
- The Palm as a tool of the hacker (I): terminal emulators
- The Palm as a tool of the hacker (II): file transfer
- The Palm as a tool of the hacker (III): Passwords
- The Palm as a tool of the hacker (IV) and remote access servers
- The Palm as a tool of the hacker (V): bluetooth, wifi and infrared
- The Palm as a tool of the hacker (VI): network analysis
- The Palm as a tool of the hacker (VII): telephony and phreaking
- The Palm as a tool of the hacker (and VIII): security and encryption
By: Mark Gonzalez Troyes in Palm Tricks
| RSS comments | Trackback | 
Print this post
Related Articles
Subscribe to stay abreast of developments in this blog
Wow brilliant especially the hydra, Adar comes as a bit of shock, as dijsite thing is to put a good password that does not have to be the longest in the world or just a complex, witty.
I enrolled in gravtar although that alone would put the mail now the avatar but that does not stop ...
Give him time, and if not checked again in gravatar they have added an image, which recently redesigned and the service has yet to walk a little "Bailón."
Well eh it checked now and again my avatar comes we will see that happening now ....
I come to the times by these individuals and I am bullet with one of the best articles from the Tungsten PDA! .... Marcos really good!
orale that interesting article and if taper head with tuna, that hydra afraid ..