Anyone know of a linux program similar to SMB grind, for cracking passwords to local shares? How about something similar to PWDUMP for linux, that can glean info on a computer useing the hidden IPC share? Thanks for the help!

RS

these progs do exist, BUT we don't want to give Blackhats/Crackers any undo advantage..........

Anyone have any useful information, I don't believe in security through obscurity.

Most of us however, believe in script kiddies getting their bums beaten until some common freaking decency is instilled.

Fancy yourself as a hax0r?
No way, man. Don't be hackin'. That's no fackin' good, if you ask me. Stop hackin' and crackin', and get on the fackin' way to behaving yourself.

By the way, why do you want crack passwords? Just curious.

In reality, if you wanted to use these tools for non-evil purposes, I imagine you would have the ability to write a script to do it yourself.

I guess the answer is no. Sorry to have bothered all of you. I'm going to head down to the local Borders book store and start burning, wouldn't want anyone to get a hold of all those Haxor books LOL.

No worries there friend, being in book form prevents 99% of script kiddies from getting anywhere because they're too lazy to read. That's why they use other people's work instead of learning to code themselves. No insult intended of course.

I'm curious, as you quoted before, you don't believe in security through obscurity. I'd venture to say that most open source advocates feel the same way.

However, I don't see what you propose as a method of supporting that goal. Passwords are a "shared secret" much as encryption keys are. They are most definitely not a form of security through obscurity. You're asking for a way to crack passwords - to try and obtain a shared secret you are not entitled to. If you were truly interested in discrediting security through obscurity, you'd be doing two things:

1) Trying to reverse engineer the encryption algorithm. You don't need to crack passwords for this. All you need to do is sniff network packets after you provide a password to a password-protected share and analyze the data. You know the password you entered, and then it's up to you to determine how your input was transformed into the data sent to the other machine for verification. With enough "data points" you can reverse engineer the algorithm - no password cracking necessary.

2) With the algorithm in-hand, you can then analyze it for holes and weaknesses. When a collision/weakness is found, then, and only then, have you shown that security through obscurity is not viable.

Again, passwords are shared secrets and not a method of obscurity. That's basics... I mean computer security 101.

If there is some legitimate purpose for needing to crack the passwords (beyond the misapplication of the "obscurity" concept), then you might get some help.

Per the LQ RulesandSo this thread is closed.