> g> But I can make a try. I can ask my dad to give me his userID file, then > g> write his password into the dictionary file, and then try the attack... just > g> to see if that tool other people suggested me really works. > > I've not yet tested it myself. Remember that the passwords will be > case sensitive. That's why I responded to that email saying you're > going to need a huge dictionary file. :-) I made this try, and it didnt work. As the man who suggested the tools said, that Hash Breaker works only with insecure hashes (no salt). The 5.0.9 version of Domino isn't vulnerable. The ID cracker does not work either... so maybe it's only for previous releases than R5... I will keep informed about this anyway, just for curiosity. I found a modification of JohnTheRipper specifically made for Domino HTTP hashes, which may be helpful, since it does also bruteforce cracking. If I get any results I'll let you know. PS: they said that this modificationff of JTR does not require Notes API, so.... what's the point? I mean, which algorithm does it use to calculate hashes for comparisions? ______________________________________________________________________ Mio Yahoo!: personalizza Yahoo! come piace a te http://it.yahoo.com/mail_it/foot/?http://it.my.yahoo.com/
This archive was generated by hypermail 2b30 : Wed Oct 23 2002 - 09:18:31 PDT