Dec 3, 2007

Cracking Passwords With Google

My buddy Karl over at Ask The Admin found this, and I just had to repost it:

A website we read Hackaday posted this interesting piece last week on how to use Google as a password cracker.

If you don't know what md5 hashed passwords are then this isnt for you and you should stop reading (Check back in a bit for a piece of password cracking) or see what they are here.

But if you are like me and need to um recover passwords on a system you have physical access to you know you can dump passwords from the local sam database as hashed passwords.

Using a program like l0pht crack (LC5 to those in the know - more on this later) to decpypher them is time consuming but acording to this post you can simply google the hash - if it is even a fairly common password google will return the answer. How fucking cool is that?

In the following example they use it after a machine was hacked they wanted to be able to login as that user and spy on the enviroment for some forensic goodness.

"Usually we're into hardware hacks, but once in a while I run across something that's just too good. [Steven]'s blog was cracked a while back, and while he was doing forensics, he was trying to crack the md5 hashed password for the unauthorized account. Eventually he slapped the hash into Google, and guess that it was 'Anthony' based on the results that came up. Thanks to [gr] (Yes, I know it was on Slashdot a few days ago, but I don't care."

I missed it on slasdot so thanks! This will be a big time saver for me in the future.

Originally Posted on Ask The Admin By Karl Gechlik

Twitter Delicious Facebook Digg Stumbleupon Favorites More

Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | stopping spam