Featured Post

Jabbercracky: A Hash Cracking Web Service

Posted on July 31st, 2010 in Security

It is with great pleasure that today I announce the first release of Jabbercracky, the hash-cracking web service.  MD5, NTLM, LM, and HalfLM are currently fully supported.  Jabbercracky will only work on Linux/Posix systems.

Jabbercracky makes use of a two-pass hash cracking method.  In the first pass, the submitted hash is tried against a local collection of rainbow tables.  In the second pass, the hash is passed along to a Cuda-compatable GPU for brute-forcing.

I’ve been hosting a Jabbercracky server with a large collection of rainbow tables on ChaosVPN since January, and I’ve recently done a bit of work packaging it as a Python module, so you can host your own cracking service with your own collection of rainbow tables!

jabbercracky-screenshot

On ChaosVPN, the service is available at: http://hash.colab.hack or http://10.100.23.1

The Jabbercracky module is currently being hosted on the Python Package Index, so all you need to do to install is:

1) easy_install jabbercracky

2) Go to the jabbercracky egg directory in site-packages and follow the installation instructions in INSTALL.txt

In future versions, Jabbercracky will live up to its name and also provide an XMPP-based interface, so you can crack hashes on your beefy hardware at home from the comfort of your mobile phone!

If you have any interest in participating in the development of Jabbercracky, please drop me a line!

Greetings to mc.fly and ryd and Defcon 18!

- awgh

Read post Add your comment

How To Connect a PS/2 Keyboard to the iPhone

Posted on October 13th, 2009 in Fun, Hardware Hacks, iPhone

Although I’ve seen many pictures of PS/2 keyboards plugged into iPhones on the Internet, no one has yet published a detailed howto on how to get this working yourself.  Until now, that is.

In this article I will show you how you can make a PS/2 keyboard to iPhone converter, including all hardware and software instructions. As the bugs get worked out, or improvements are made, I’ll update this page.
Continue reading How To Connect a PS/2 Keyboard to the iPhone

Tags: , , , , , , , ,
Read post Read 24 comments

How To Win At Java Code Audit

Posted on February 02nd, 2009 in Java Security, Security

Reviewing Java source code can pose a challenge for a security auditor, as methods used to exploit programs in C or C++, namely memory corruption bugs, are mitigated by Java itself, which hides the details of memory management from the programmer.  This same tendency to hide implementation details with a layer of abstraction leads to [...]

Tags: , , ,
Read post Add your comment

Dehydra-GCC: Static Analysis for Poor People

Posted on December 24th, 2008 in Security

Over the past few months, I’ve been playing with a new static analysis tool from Mozilla called Dehydra. Dehydra is a GCC plugin that allows you to write Javascript that can perform queries on the Abstract Syntax Tree (AST) that GCC generates from source files.  This lets you write a script that can notify you [...]

Tags: , , , , , , ,
Read post Add your comment

Groo: Fully Automated WEP Cracking

Posted on December 23rd, 2008 in Fun, Security

Updates Below! I don’t know about the rest of you, but I have an entire room of my house which is simply a huge pile of electronics scrap.  A hacked Tivo, some chipped XBoxes, an old VCR, a pile of PCI video cards, a full shoebox of 64MB Compact Flash cards…  You get the idea. [...]

Tags: , , , , , , , , , , ,
Read post Read 5 comments

XSS Vulnerability in Internet Explorer HTML Attachment Download

Posted on December 23rd, 2008 in Security

Update: MS fixed this issue in the IE8 6/9/09 security update.  Now IE8 behaves like Firefox (unclear on whether ‘X-Download-Options: noopen’ still exists at all). I have noticed a Cross-Site Scripting vulnerability in the way Internet Explorer handles the downloading and opening of HTML files when they are downloaded as an attachment, rather than opened [...]

Tags: , , , , , , , , , , , , ,
Read post Read 1 comment

Weaponizing Mailinator

Posted on December 17th, 2008 in Security

There has always been something deeply unsettling to me about the ‘Forgot Password’ functionality on many web sites. The ‘Forgot Password’ page exists solely to help unauthenticated users bypass the usual means of authentication. For whatever reason, many developers overlook the importance of locking this down, even after the issue of too-easily-guessable questions in Yahoo’s [...]

Tags: , , , , , , , , , , , , , ,
Read post Read 2 comments

EFI and Evil

Posted on December 15th, 2008 in Security

There is a legend you may have heard of a lowly system administrator who notices a bunch of extra network traffic coming from one of his workstations.  It appears that every packet sent from the workstation is copied and forwarded to an IP address in a country with no extradition treaty.  The admin figures that [...]

Tags: , , , , , , , , , ,
Read post Add your comment

Replace Your Face Just Like The Laughing Man

Posted on December 15th, 2008 in Fun

Updates below! I’d like to share two things with all of you.  The first is a dark, personal secret.  The second is a toy I made. The secret is that for the past few months I have been harboring an unhealthy obsession with the Japanese television series ‘Ghost in the Shell: Standalone Complex.’ What I [...]

Tags: , , , , , , , , , ,
Read post Read 43 comments