Monday, 27 of August of 2007
The Palm like tool of hacker (III): passwords
Crackear passwords is a work that always has been vitally important when acceding to protected apparatuses: as much to accede of nonauthorized way, like reclaiming the access when our password has forgotten to us, or it has been changed indeed by an attacker. They can be used therefore to try to enter a servant whose file of passwords has been it jeopardize, or indeed to verify that our security system is reliable before passing it to production.
He is advisable to know, nevertheless, that 99% of the attacks that become to a system protected by passwords, can be rejected simply choosing well our passwords. A always chosen bad password will be the weak point of the system, as it were already spoken in posts dedicated to how creating and administering good passwords with the Palm.
A good password will protect our system to a great extent
Returning to the subject from this post, for these necessities related to crackear passwords, there is a great number of tools for the Palm. We see some:
- PalmCrack with list of words deals with to burst a file of UNIX passwords (that uses the Crypt function (), therefore will not be worth for one BSD), CISCO (type 7, it will not be worth for encryption type 5), or Windows NT (hashes of password NT LANMAN, not hashes MD4 of answer to challenge). If the program finds a list of words it will use, it to try to crackear the passwords. , Whichever by all means better it is this list, more effective will be the program. If it does not find a list of words, will try an attack by brute force. In order to create our own list we can use script in Perl PCMwDB.
palmCrack allows to crackear passwords of several systems
- MD5 can calculate hash MD5, or also try to break it by brute force. Recommended PalmOS 5.
- Hydra is a crackeador of login (authentication), flexible, fast and tensile, that supports protocols telnet, FTP, HTTP, HTTPS, HTTP-PROXY, SMB, SMBNT, MS-SQL, MYSQL, REXEC, CVS, SNMP, SMTP-AUTH, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ, SAP/R3, LDAP2, LDAP3, Teamspeak, Cisco auth, Cisco inable, LDAP2 and Cisco AAA (impressive list).
- NotSync demonstrates the simplicity with which the password of system of a Palm can be obtained and be decoded. This tool imitates the initial steps of hotsync, through port of infrared, to obtain this indeed. The program is the test of concept of the called document “Palm OS Password Retrieval and Decoding” and although he is not available already in his Web, surely can be obtained by other means.
- Palm OS Password Lockout Bypass for PalmOS 3.5.2 and inferiors. Using a back door of the operating system, it can secure to the password and other data of the Palm, still being blocked.
- If you have forgotten the password your Palm, installs Security not to eliminate the password without losing the blocked registries. System Password Cleaner is worth for the same. Crackea Sword or replaces the password of the Palm Pilot without knowing the existing one. Like the previous one, it serves to enter the Palm when you have forgotten the password, without losing your confidential information. He is shareware. pCack is another option, only valid for previous PalmOS 3.5.1 or. Palm Password Cracker does the same but in the PC, without needing installing nothing in the Palm. I have not been able to find it in Internet, although surely it is in favor of some side.
Different ways exist to jump the password of the Palm
- Finally, a curiosity that leaves the world of software to jump to hardware. There are programs that by means of a mathematical algorithm reduce the number of possible combinations for a MasterLock padlock, of the 64,000 original ones to 64. SkeletonKey and Pmaster are two examples, although they need like parameter one of the numbers of the combination.
A padlock Masters Lock
As we see, very prolific the world of cracking of passwords, even for the Palm. In next post we will continue seeing how turn our Palm into the definitive tool for hacking.
By: Tricks
RSS commentaries | Trackback | 
To print this post
Related articles
Suscríbete to be to the current of the new features in this blog
Brilliant Wow hydra mainly, equal arrives to adar a little scare, like dijsite it is thing to put a good password that it does not have because to be but long or the complex one of the world, only ingenious.
me inscribi in gravtar weighs that just by to put the mail now saldria the transformation but paree that not…
Dale time, and if it does not check again in gravatar recently that good addition is had the image, that redesigned the service and still “bailón” must walk a little.
Good eh checked right now and leaves my transformation again we will see that it happens now….
I come to the times by these lares and I run into with one of the best articles of the PDA of tungsten! …. very good Marks!
orale that intersante article and if conicido with head bigeye tuna, that hydra gives fear.