这下屌爆了:密码专家发布可容易PJ使用MS-CHAPv2加密协议的网络密码
在cnbeta上看到这条消息,顿时欣喜若狂,蹭子们,这下大家有福了。密码专家Moxie Marlinspike今日在黑客大会能发布了可以非常容易PJ无线网络和虚拟个人网络密码的软件,而这些网络都采用了微软公司的MS-CHAPv2加密协议。另外,很多企业和机构使用的WPA2和VPN密码都是受PPTP保护,而PPTP使用的也是微软的MS-CHAPv2。Marlinspike的工具则可以非常容易得PJ这些密码。这听起来似乎会让网管们担忧起来了。
不过,Marlinspike设计这些软件的初衷则是为了渗透测试员和网络审计人员检查受WPA2保护的网络和VPN帐号而设计的。但是,也不得不承认的是它们也有可能会被些心术不正的人用来窃取数据和获取网络非法访问。
现在有这个出现了吗? 到底信不信呢? xhb6263 发表于 2012-7-30 12:39 static/image/common/back.gif
到底信不信呢?
不管你信不信,反正我是信了。。:lol 这个可以信 :lol :o:o:o:o:o:o:o:o:o:o:o:o 工具呢拿来玩下 来学习~~
哈哈 越来越好玩了!!! 软件呢,在哪里阿? 就是啊,国内找不到软件 工具呢拿来玩下 xhb6263 发表于 2012-7-30 12:39 static/image/common/back.gif
到底信不信呢?
http://www.itnews.com.au/News/310179,marlinspike-expands-cloud-cracking-tool.aspx
Touts web-based protocol cracker at DefCon.
Whisper Systems founder Moxie Marlinspike has expanded a web-based tool for cracking protocols used for securing Wi-Fi networks, hashing passwords and encrypting documents.
The CloudCracker service was launched in February and targeted network auditors and penetration testers. It was based on Marlinspike's WPACracker service, launched in 2009.
The latest version, unveiled at the annual DefCon hacker conference in Las Vegas over the weekend, promised to crack an even greater range of encryption protocols and password hashing methods used in corporate and wireless networks and VPNs.
It claimed to be able to succesfully attack and break WPA, WPA2, NTLM,SHA-512, MD5, and MS-CHAPv2 protocols using a field programmable grid array chip supercomputer designed by Pico Computing in the US.
Microsoft's Challenge Handshake Authentication Protocol Extensions Version 2 (MS-CHAPv2) was commonly used by Windows users as part of the Point-to-Point Tunnelling Protocol (PPTP), CNET reported.
CloudCracker promised to run "your network handshake against 300,000,000 words in twenty minutes for just $US17". The tool was accessible to anyone who paid CloudCracker's fees.
It used brute-force guessing and dictionaries to crack protocols.
CloudCracker's MS-CHAPv2 dictionary represented the entire address space of the Data Encryption Standard (DES), one of the most popular encryption algorithms containing 72,057,594,037,927,936 options.
It said this guaranteed a 100 percent succes rate on recovering MS-CHAPv2 credentials for PPTP VPN connections and the inner authentication method for WPA2 enterprise Wi-Fi.
Marlinspike is known for his work on circumventing Certificate Authorities (CAs) for secure socket layer (SSL) encryption, used for securing web browser traffic.
His Whisper Systems Android security company was acquired by Twitter last November last year for an unknown amount.
Last December, Whisper Systems open-sourced its TextSecure secure text messaging client for Android. This July, it open-sourced the RedPhone encrypted voice calls application.
RedPhone was used by Egyptian dissidents to encrypt voice calls via their Android handsets during the uprising against the Mubarak regime last year.Touts web-based protocol cracker at DefCon.
Whisper Systems founder Moxie Marlinspike has expanded a web-based tool for cracking protocols used for securing Wi-Fi networks, hashing passwords and encrypting documents.
The CloudCracker service was launched in February and targeted network auditors and penetration testers. It was based on Marlinspike's WPACracker service, launched in 2009.
The latest version, unveiled at the annual DefCon hacker conference in Las Vegas over the weekend, promised to crack an even greater range of encryption protocols and password hashing methods used in corporate and wireless networks and VPNs.
It claimed to be able to succesfully attack and break WPA, WPA2, NTLM,SHA-512, MD5, and MS-CHAPv2 protocols using a field programmable grid array chip supercomputer designed by Pico Computing in the US.
Microsoft's Challenge Handshake Authentication Protocol Extensions Version 2 (MS-CHAPv2) was commonly used by Windows users as part of the Point-to-Point Tunnelling Protocol (PPTP), CNET reported.
CloudCracker promised to run "your network handshake against 300,000,000 words in twenty minutes for just $US17". The tool was accessible to anyone who paid CloudCracker's fees.
It used brute-force guessing and dictionaries to crack protocols.
CloudCracker's MS-CHAPv2 dictionary represented the entire address space of the Data Encryption Standard (DES), one of the most popular encryption algorithms containing 72,057,594,037,927,936 options.
It said this guaranteed a 100 percent succes rate on recovering MS-CHAPv2 credentials for PPTP VPN connections and the inner authentication method for WPA2 enterprise Wi-Fi.
Marlinspike is known for his work on circumventing Certificate Authorities (CAs) for secure socket layer (SSL) encryption, used for securing web browser traffic.
His Whisper Systems Android security company was acquired by Twitter last November last year for an unknown amount.
Last December, Whisper Systems open-sourced its TextSecure secure text messaging client for Android. This July, it open-sourced the RedPhone encrypted voice calls application.
RedPhone was used by Egyptian dissidents to encrypt voice calls via their Android handsets during the uprising against the Mubarak regime last year.
看了下正文还是上次我说的基于云跑包的玩意取回密码需要付费(注意我加黑的地方),云跑包网站的新把戏罢了;至于你信不信反正我是不信了。:)