Security :: John The Ripper Brute-force Attack And Multi-core Processors?
Feb 19, 2010
In my Open-Suse server I have a script, where makepasswd output (by default it generates similar passwords: cGyTbqpr, tpJ1LA, 33EXdo) is redirected to mkpasswd (which uses DES by default) in order to generate salted hash of this previously generated password. I would like to test the strength of this system. I have a quad core CPU, and if I start John The Ripper like this (I want to use -incremental:all flag):
john -incremental:all passwd
..only one core is utilized at 100%. Is there a possibility to make all four cores crack this password? Or is this possible only after reprogramming John The Ripper? Or what is the algorithm for generating passwords with the -incremental:all flag? I mean if John generates passwords randomly in brute-force mode, then it's smart to start four different John processes simultaneously because then one of those four will find the password firs
View 2 Replies
Apr 4, 2010
I'm using ubuntu 9.10 and I'm trying to crack my own password with John the Ripper. I've been reading and working at this for a long time and I've not been able to crack my password. I've added a "test" account on my machine with the password "password": For my Unix Password:
Code:
mark@mark-laptop:~/John/john-1.7.3.4/run$ sudo ./unshadow /etc/passwd /etc/shadow > mypasswd
mark@mark-laptop:~/John/john-1.7.3.4/run$ sudo ./john mypasswd
No password hashes loaded
YES I have read the README and the FAQ and for this problem they give the following possible problems:
Q: Why doesn't John load my password file? It says "No password hashes
[Code]...
View 1 Replies
Nov 2, 2010
I am relatively new to Ubuntu and may have a security breach. I was recently looking over Synaptic's installed packages on my PC and noticed JOHN installed on my system. This was never installed by me nor do I think this entire APP is a dependency of something that may have been installed. My questions are... Has my system been compromised? I use an elaborate password as well as UFW. Can I determine who installed this package (i.e. local user account or remote user)? Can I determine when? The system was installed only 3 days ago. Can I determine if there have been any instances of a successful or failed remote connection to my PC?
View 9 Replies
Nov 8, 2010
I'm looking for a good brute force program that has a GUI. I used to use Brutus on Windows but now I'm only running Ubuntu so I need to find one.
View 3 Replies
Mar 29, 2011
I set up an ASUS WL-500gP with original ASUS firmware to my LAN with IP address 192.168.1.1. If I navigate to address [URL] in my Firefox address bar, an Authentication required window opens up asking for "User name: " and "Password: ". Correct "User name: " is "admin" and correct "Password: " is "pA55w0Rd". They work fine if I type them in manually to the Authentication required window, but for some reason I can't get in using the hydra with words.txt password file, which contains "pA55w0Rd":
Code:
[root@ ~]# cat words.txt
password
user
pA55w0Rd
[code]....
View 2 Replies
Jan 22, 2010
I'm trying to find a GUI for John the Ripper. I've searched and found some for Windows but none for Linux.
View 1 Replies
May 6, 2011
I am ashamed that I am causing other people troubles, but apparently my server is involved in attacking the servers of other people.
I have to admit that I am not too familiar with using a CLI, or Linux for that matter, but I have a Debian server running under Plesk 10, which is colocated.
Now I have received messages from the datacenter, which state that my server is involved in brute force attacks.
The messages show a lot of lines like this:
Code:
The only advice I get from my hoster is to back up all domains and re-install the machine.
I want to resolve this asap, but do not agree with that action for two reasons: the machine just had a fresh re-install 2 months ago, so if it is a flaw in the OS, I will get the same flaw back, and if it is not OS related but due to a domain, I will get the problem back by putting back the backed-up domains.
But now I'm stuck: what steps should I follow to try and find the cause of this evil and make sure that my machine will not bother other machines anymore?
I realize that this probably will be a steep learning curve, but please bear with me and help me to resolve this.
What have I done so far?
1) There are a number of live sites on this server, either running WordPress or Joomla, I have made sure they are all updated to the latest release.
2) I have manually looked at the source code of the index-files of those sites, haven't seen anything strange, like redirects.
3) I have used online scanners to check all sites for malware, all have been reported back to be clean.
4) I have run the Plesk-version of RKhunter, and that gives me certain warnings which I cannot (or do not) understand:
Code:
Code:
Code:
I received the first report of these attempts about a week ago and immediately changed the Plesk/SSH password to a 200bit password generated with KeePass, hoping that would keep out any evildoers.
View 14 Replies
Mar 31, 2011
I have a mail server running RHEL, with postfix, dovecot, etc. I installed Fail2ban and this works wonders against SSH brute force attacks. It'll ban an IP address for a period of time if it unsuccessfully attempts to log on 3 times within, say a minute. I was wondering if it can be as effective with pop3 attacks. If it is, how can I get it done?
View 1 Replies
Sep 30, 2010
I have a SSH server set up at home listening on port 22. I have hardened the server so it is pretty secure but I want to make it even safer by editing my iptables to rate-limit incoming connections and DROP false login attempts. I have tried these tutorials but I just can't get it to work: [URL]
I want the debian-administration.org tutorial to work but when I try to add the first rule in terminal:
sudo iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
I get the following:
Bad argument --set'
I am new to iptables and I'm not sure if I'm doing something wrong when I try to set it up. I'm using Ubuntu 10.04.1 LTS with iptables v1.4.4.
View 6 Replies
Sep 2, 2010
When I start my application it creates a message queue and forks a process. The child process reads multicast packets from the network and writes to message queue. The parent process reads packets from message queue and compares source ip and sequence number (it is part of payload) with last 64K packets received to see if it has received a duplicate packet. I am using message queue as a buffer because I do not want child process to drop any packets while it is comparing it with previously received packets. The message queue is large enough to contain 64K packets. To compare the old packets I am using array of structures as circular buffer. During a spike I may receive 100 - 120 packets per millisecond.
When I run my application, the parent process keeps up with the child process, I can see that with "ipcs -q". After about 30 seconds it cannot keep up and the size of message queue keeps increasing until it is full. When I run "top" I can see that one CPU/core is hundred percent busy while other 7 cores are idle. It seems that both processes are running on same core and the child process gets interrupts every time there is a packet on the net and starves the parent process. I am running RHEL 5. The system has 24GB memory and my application is the only application running on it. It is a HP G6 server.
View 3 Replies
Feb 4, 2010
Will Fedora 12 support my processor, an Intel Core i7-720QM Quad Core?
View 3 Replies
Mar 17, 2009
Just installed centOS 52 x86_64 on a Core 2 Duo (E6750). From the /proc/cpuinfo I see that only one processor is detected. Any parameter on the BIOS to be changed?
View 2 Replies
Mar 27, 2011
I have a command line OCR program called OCR Shop XTR (Vividata corp) that I am using on a system with a 6-core AMD chip. I changed the bios so that the 6-cores were activated, but htop shows me that while the program is running, I am only getting activity on one core (the program maxes out the one core with consistent usage between 97% and 100%).
I have read that many programs are not written to take advantage of multiple core cpu's. However, I am just hoping that there is some way to get this program to take advantage of the extra cores. Does anyone know of a way to invoke programs from the command line which would spread the workload out among additional cores?
Here is the output of uname -a:
Linux linux 2.6.37.1-1.2-desktop #1 SMP PREEMPT 2011-02-21 10:34:10 +0100 i686 athlon i386 GNU/Linux
And here is the output for one of the cores from cat /proc/cpuinfo:
processor : 5
vendor_id : AuthenticAMD
cpu family : 16
model : 10
model name : AMD Phenom(tm) II X6 1100T Processor
stepping : 0
[Code].....
View 5 Replies
Oct 31, 2010
Is there any Linux API that will let me control on what core will a thread run? If not, do I have to use assembly language?
View 2 Replies
Sep 12, 2011
I'm running 64bit centos 5.6 and using virt-manager. On one of my guest OS's, Windows 7, the max Physical CPUs is 2, you can have unlimited CPU Cores however (like my machine I use for work has 1, 4 core processor). The issue I'm having is xen only allows you to set the vcpu argument in your xen config file. How can I set it so that 1 CPU has several Cores just as Windows would recognize this machine if I were installing directly to the hardware vs via a VM. I've searched for 2 days straight trying to address this issue, very little progress. Does anyone know where a XEN support forum is? All I get is the citrix xen support forums.
Here is the best info I have found on this, but I don't know how to change this for my CPU to work. When I enter this in my xen config it essentially ignores it and just takes the value of vcpu= so Windows shows 2 CPUs each with ONLY one core. I'd like 1 or 2 CPUs showing several cores. The physical Hardware is 2x Xeon 5300 Quad Core CPUs.
> # Expose to the guest multi-core cpu instead of multiple processors
> # Example for intel, expose a 8-core processor :
> #cpuid=['1:edx=xxx1xxxxxxxxxxxxxxxxxxxxxxxxxxxx,[code]........
View 3 Replies
Mar 13, 2009
Many people have multi-core cpus supporting frequency scaling now, if you want to see if the workload is being evenly distributed then add as many CPU Frequency Scaling Monitor applets to the Gnome panel as you have cores/cpus. Then right-click each one and select preferences and choose which cpu to monitor.
Now compile a large program or run a cpu intensive game and watch how the workload dances around between the two (hopefully)
Some clever apps like gnome chess will multi-thread and make max use of both cores, sadly many others won't.
View 9 Replies
Sep 14, 2009
I've tried searching the forums / google and haven't been able to come up with anything... in Debian-based distros there's an option that can be set to allow boot concurrency so that multiple processor cores can be used for the boot process. Windows also has an option similar to this to specify how many processor cores to use for boot.
Is there an option for multi-core booting in Fedora?
View 1 Replies
Sep 9, 2011
I need to set the CR4.MCE bit for all the cores on my system (4). I'd like to write a linux kernel module for that, but I am not sure how to proceed: How do you sequentially access all of the CR4 registers? I have read the Intel manuals and they describe a way to initialize each core, but this is done in the bios.
View 2 Replies
Dec 21, 2010
I have just configured Centos 5.5 LocalMailServer with fetchmail and sendmail, Proxy with Squid and FileServer with samba. Now my concern is security. How can I protect my server from outside attack? Will I need to block some ports or do I need special tools or a script so no one from outside can attack my machine? My machine is working on intranet with local ip only. No web server or static ip exists. Machine is connected with ADSL router to access internet.
View 5 Replies
Jan 25, 2011
How can I track a DoS and DDoS attack on a server? Does Linux have any good known command line utilities and log files to use in this way?
View 1 Replies
May 3, 2010
Quote:
The 605-page PDF document reads like a listing of the pros and cons for a huge array of defensive and counterintelligence approaches and technologies that an entity might adopt in defending its networks. Of particular interest to me was the section on deception technologies, which discusses the use of honeynet technology to learn more about attackers' methods, as well as the potential legal and privacy aspects of using honeynets. Another section delves into the challenges of attributing the true origin(s) of a computer network attack.
View 1 Replies
Nov 23, 2010
I have implemented two machines, one for honeypot (192.168.100.10) and another (192.168.100.20) to remotely log the honeypot log file using syslog. Inside honeypot I emulated another 3 machines with services on virtual IPs of that same block. Now honeypot is working and I can see the logs generating as I did a portscan (nmap) on those virtual IPs from .20 machine. All of the machines are running ubuntu.
But does anyone know any s/w or tools which originally attackers use so that I can get a clear picture of what happens from the logs. Having problems creating these attack scenarios.
View 2 Replies
May 30, 2011
I have 1 question, no more, because I got many DDoS attacks and my load is 95++. What is the best program to stop a DDoS attack?
View 14 Replies
Apr 10, 2009
I went away from home for a few days, ... Now I am back at home and noticed that my server is going out with 100% available bandwidth. The server is mainly Http / Ftp / Mail server, so I stopped all services, to see which one it is. Services stopped, still 100Mbps go out like ants in the flood.
I updated the system, made a backup, installed IPtraf. It seems that I have something 'installed' and my server is running something to attack User computers. It seems to try to find something on random IPs, random ports. I am a little bit confused now. As long as my sites are running, I'm ~OK~ but sooner or later I would like to have my bandwidth back. How could I try to hunt down which service/app/process got hacked?
It seems that the monetary system of our society now has more enemies than friends. Capitalism seems to reach its end. But my server is serving also ART! Sooner or later we will need to pay copyright even for our thoughts. I was reading today that the French president wants to punish file sharing as his wife made 3 albums, and wants to get some money ..
View 12 Replies
May 7, 2009
Attack Sneaks Rootkits Into Linux Kernel
Quote: A researcher at Black Hat Europe this week will demonstrate a more stealthy way to hack Linux
Apr 14, 2009 | 04:21 PM
By Kelly Jackson Higgins
DarkReading
Kernel rootkits are tough enough to detect, but a researcher this week has demonstrated an even sneakier method of hacking Linux. The attack exploits an oft-forgotten function in Linux versions 2.4 and above in order to quietly insert a rootkit into the operating system kernel as a way to hide malware processes, hijack system calls, and open remote backdoors into the machine, for instance. At Black Hat Europe this week in Amsterdam, Anthony Lineberry, senior software engineer for Flexilis, will demonstrate how to hack the Linux kernel by exploiting the driver interface to physically addressable memory in Linux, called /dev/mem.
"One of the bonuses of this [approach] is that most kernel module rootkits make a lot of noise when they are inserting [the code]. This one is directly manipulating" the memory, so it's less noticeable, he says. The /dev/mem "device" can be opened like a file, and you can read and write to it like a text file, Lineberry says. It's normally used for debugging the kernel, for instance.
Lineberry has developed a proof-of-concept attack that reads and writes to kernel memory as well as stores code inside the kernel, and he plans to release a framework at Black Hat that lets you use /dev/mem to "implement rootkit-like behaviors," he says. The idea of abusing /dev/mem to hack the Linux kernel is not really new, he says. "People have known what you can do with these /dev/mem devices, but I have never seen any rootkits with dev/mem before," he says.
Quote: "The problem with kernel-based rootkits is that the rootkit can mitigate [detection] because it has control," he says. "It's a race in the kernel to see who's going to see who first." [URL]
View 1 Replies
May 13, 2009
I have full hdd encryption with a rather long key. The thing is the FBI might just show up at my house one day and have a warrant for my PC, and who wants the government looking through their life? I have a few plans on getting my PC shut down before they can get their hands on it. This is all well and good, but if they can sniff my key from the ram it doesn't matter what my key is or whether they find the computer on or off. Anyhow, I was wondering if there was some way I could add a script to the shut-down process that would over-write the ram.
View 11 Replies
Oct 20, 2009
I have been receiving attack alerts. And I would like to root out the source of the problem. I'll give you the messages. If you could help me prevent this hacker from even being able to attempt these things please any advice is helpful. There have been memory stack attempts, failed sys_admin conversion attempts, password file write attempts etc.....
[Code]...
View 5 Replies
May 24, 2010
I may not be a code warrior, yet I have been a Ubuntu convert from Apple for about 3yrs now. Since 1984-2006 no hackers or viruses. And until now Ubuntu has been clean, well I have been good with repos, etc.
1. Recently I found "Odd" behavior with my Amarok 1.4 player, ffmpeg, winff.
2. During a Synaptic upgrade there were some "unauthorized changes". I have seen this before due to some of my software, so I ignored it. . .
To my bewilderment, "It" erased Amarok 1.4 player, ffmpeg, winff, all image kernels, claimed domain over my system permissions, and external HD. B4 I shutdown, downloaded LUCID 10.4. . . restarted, then copied over all info possible to minimize a complete delete of my system. Upon restart, indeed all kernel images were gone, Only live CD allowed me access to repartition my HD.
NOW. I have Lucid running, and have been denied access to my external HD and partitioned (internal HD). I used Nautilus to copy over files to my internal laptop HD, yet permissions continue to be an issue. The INFECTED FOLDERS are owned by "User 999-user#999. I must micro manage every folder and file to gain "partial permission". The dialog box stutters and never allows me to go down to "Root"
View 5 Replies
Sep 28, 2010
Using Opera 10.61 and 10.62, I find that any secure website I access, such as a bank, the lock icon in the address bar is replaced by a question mark. Clicking on it brings up a window, stating that the connection is not secure, that the server does not support TLS Renegotiation. Doing some internet searches for "opera tls renegotiation" brought me to a page at the Opera website, where they discuss this issue. The issue is generic, not limited to Opera, affecting the TLS protocol, and it potentially enables a man-in-the-middle to renegotiate a "secure" connection between a server and client, issuing own commands to the server. Opera has addressed the problem on the client end, but now servers need to be upgraded too. None of the HTTPS sites I have tried have upgraded their servers, if the information provided by the Opera browser is correct.
My questions: how feasible is such a MITM attack, what level of resources would such an attack require? What, if anything, would the attacker need to know about the client and/or server to mount the attack? Would I be better off using Firefox, or is Firefox simply oblivious of the problem and not issuing warnings for that reason?
View 4 Replies
Dec 28, 2010
mpg123 suddenly started playing a police siren occasionally. I checked the process once I heard it, and root was the process owner. How could this happen? Has someone broken into my computer? If so - how could I verify an attack? I run Ubuntu 9.10.
View 2 Replies