Advertisement
Home
Saturday, 22 November 2008
  
 
Last week attacks
O.S.  Defs.  %
Linux  8778  71.58%
Win 2003  1950  15.90%
Win 2000  722  5.89%
Solaris 9/10  402  3.28%
FreeBSD  226  1.84%
Other  185  1.51%

Total attacks: 12263 of which 4619 single ip and 7644 mass defacements

Polls
Should Zone-H continue mirroring defacements? (floods will be purged)
 
Main Menu
Home
Digital Warfare
Geopolitics
ITsec News
ITsec Advisories
Test Drive
360°
Digital Attacks Archive
Zone-H events
Publications
Zone-H Friends/Partners
Contact Us
Search
Download Area
Zone-H forum
About this website
Login Form





Lost Password?
No account yet? Register
ZONE-H In Numbers
 News: 14559
 Advisories: 11
 Managers: 1
 Administrators: 1
 Super Administrators: 3
 Operators: 3
 Registered Users: 38290
 Downloadable Files: 3888
 Digital Attacks: 2981160
 Attacks On Hold: 3102
 Online Users: 90
Syndicate
Visitors' Map
Highlight on most recent attacks
jiefanglu.gov.cn/zkn.txt by ZoRRoKiN       ytjj.gov.cn/zkn.txt by ZoRRoKiN       bislig.gov.ph by Ashiyane Digital Security Team       prefeiturajoseraydan.com.br by Fatal Error       semag.taquarussu.ms.gov.br by Fatal Error       pmsaltodolontra.com.br by Fatal Error       cmirituia.com.br by Fatal Error       pmriobrancodoivai.com.br by Fatal Error       prefeituraborrazopolis.com.br by Fatal Error       pmcurionopolis.com.br by Fatal Error       
Latest advisories
Latest on Digital Warfare
Latest on Geopolitics
Tools for Password Cracking PDF Print E-mail
User Rating: / 16
PoorBest 
Thursday, 26 April 2007
Have you ever forgotten a password? Have you ever desperately tried to remember it to open a vitally-important file? Apparently, similar problems should be over, at least according to those companies that are promoting tools for Password Recovery.

There are lots of software for password cracking… A real blessing for absent-minded users!
The problem is that we are not sure that only forgetful people will take advantage of them, especially considering those software that in addition to password cracking provide “document protections removal”.

For example, on April 19th, the Russian software developer Intelore released a toolkit , named OpenOffice Password Recovery , that allows to get back forgotten passwords in OpenOffice documents.



The toolkit, according to the vendor, is designed to grant the access to any OpenOffice document. As claimed in the description on Intelore’s website, it is a fast “all-in-one solution for effective recovery of passwords to open OpenOffice documents and instant removal of any type of document protection.”

Indeed, OpenOffice Password Recovery is depicted as a software that “may remove various types of document protection, including document ReadOnly protection, revision marking protection, protection of sections in OpenOffice Writer, protection of cells in OpenOffice Writer table, automatic protection of indexes and tables, OpenOffice Calc document and sheets protection.”

Intelore's CEO, Dmitry Rozenbaum declared that the software would work better on “your own files”, even if it can be used on any OpenOffice document: it is a matter of time, indeed if you can remember a part of the password, the software will take less time to recover it.

A matter of time… well, this could be a temptation too hard to resist for cyber-pranksters, isn’t it?

In order to understand something more about this specific matter, we made two attempts to recover an unknown password on an OpenOffice document by using the “trial version” of the tool, and this is the result: on both cases the software took over 4 hours to scan thousands of possibilities among sections such as “English Dictionary”, “Mistyped Dictionary”, “Numbers”, and so on.

In our “test”, we acted as if we didn’t know anything about the password to recover and the result was that OpenOffice Password Recovery could no find it out. A windows warned that to carry out the research we had to introduce some details about the password (see the picture).

openoffice2
































Actually, Itelore’s website makes clear that the trial version is not as powerful as the “for sale” version (that is available for between $79 and $ 129).
So there are questions that still have no answer: Is the tool really effective? Is it a potential threat? Hard to say.

But we can make a general consideration: Most of such tools are based on a kind of “Bruteforcing technique” and are quite effective on simple passwords, but their effectiveness seems to decrease in case of long or particularly complex watchwords.

In Bruteforcing attacks, the attacker tries to use every possible character combination as a password, but the more complex is a password, the longer will take a software to recover it. Just think that for a 3-characters password there are 26 x 26 x 26 possible combinations (if we consider “a-to-z combinations” only).

This aspect could reduce the possibilities that similar tools would be used in malicious activities, but the matter with such software is not only about their capabilities.

Time, skills, instruments and, above all, user’s intentions could make almost everything become possible online.



Comments Index (Total Messages: 3)
anony Written by Guest on 2007-04-27 15:31:00
great article Written by Guest on 2007-04-28 17:57:12
Re: great article Written by hainc08 on 2007-05-17 20:03:43

Powered by a Zone-H(ified) version of AkoComment 3.0!


DISCLAIMER: Forum postings are the opinion of the posting author alone, and should not be taken as the opinion of Zone-h. The   author is entirely and solely responsible for all content that he/she uploads, posts, or otherwise transmits via the website. Zone-h is not responsible for such content. However, Zone-h shall have the right, but not the obligation, to delete, move, or edit any content that violates this agreement or is otherwise objectionable as determined by Zone-h in its sole discretion and without notice.
 
< Prev   Next >
[ Back ]
Advertisement
 
Top!
© 2008 Zone-H.org - Unrestricted Information
Joomla! is Free Software released under the GNU/GPL License.
 Top!