Thread: 10 Character pass

  1. #11
    Just burned his ISO
    Join Date
    Dec 2009
    Posts
    3

    Quote Originally Posted by lupin
    Do you only want 10 character passwords or do you want all passwords up to and including 10 characters? (e.g. 1 letter passwords, 2 letter passwords ... 9 letter passwords, 10 letter passwords). Doesn't really matter actually, because creating either list is infeasible.

    Assuming the smaller of the two lists containing only 10 character passwords using a-z, A-Z, 0-9, we have 62 to the power of 10 entries (839299365868340224). Assuming an ASCII character set, at 11 bytes for each password (ten bytes for the password and one for the end of line character) you would need 9,232,293,024,551,742,464 bytes or 8,598,242,909.23 gigabytes of storage to store the list.

    Hopefully the math convinces you that trying to create a complete 10 character password list is a bad idea.
    Lmao @ math, but uh... isn't there another way BESIDES brute forcing?

  2. #12
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Quote Originally Posted by xPhantom
    Lmao @ math, but uh... isn't there another way BESIDES brute forcing?
    Sure, there are plenty.

    Shoulder surfing. Looking for PostIts (under the keyboard; on the monitor; on the bulletin board; in the top desk drawer; ...). Local exploits. Remote exploits. Network packet grabs. Social Engineering (posing as a repairman; posing as a deliveryman; pretexting as a helpdesk employee; pretexting as someone from the "home office"; playing "hide the salami" with the target's secretary*; ...). Dumpster diving. Escalating privileges.

    The list goes on and on. It depends on who you're dealing with, what the scope of the contract covers.

    *Yes, I know someone who's gone that far.
    Thorn
    Stop the TSA now! Boycott the airlines.

  3. #13
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Quote Originally Posted by Thorn
    Looking for PostIts ( in the top desk drawer. ...)
    You mean other people know about my hiding spot.
    Man now I need to come up with a new place.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  4. #14
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Quote Originally Posted by archangel.amael
    You mean other people know about my hiding spot.
    Man now I need to come up with a new place.
    You and me both!

    I have a folder of snapshots taken with my phone, of the places users put PostIts with passwords. The directory name is "Stupid User Tricks". I think my favorite is the domain admin name and password up on a bulletin board.

  5. #15
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Quote Originally Posted by Thorn
    You and me both!

    I have a folder of snapshots taken with my phone, of the places users put PostIts with passwords. The directory name is "Stupid User Tricks". I think my favorite is the domain admin name and password up on a bulletin board.
    That's a perfectly cromulent method of hiding the password. It's hiding it in plain sight and no one would ever think that it could possibly be real.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  6. #16
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Quote Originally Posted by Thorn
    You and me both!

    I have a folder of snapshots taken with my phone, of the places users put PostIts with passwords. The directory name is "Stupid User Tricks". I think my favorite is the domain admin name and password up on a bulletin board.
    Last year our IT guys got into trouble during an audit, where they had an actual notebook (journal) with all of the passwords for every computer and cell phone on site! I mean the idea made sense, since my laptop/cell phone are not my property and are subject to searches at any time, they kept the passwords along with the device's asset number and the user together in a nice neat little book. But I guess now they have to keep it in a safe instead of on a shelf like it used to be.

  7. #17
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Quote Originally Posted by archangel.amael
    Last year our IT guys got into trouble during an audit, where they had an actual notebook (journal) with all of the passwords for every computer and cell phone on site! I mean the idea made sense, since my laptop/cell phone are not my property and are subject to searches at any time, they kept the passwords along with the device's asset number and the user together in a nice neat little book. But I guess now they have to keep it in a safe instead of on a shelf like it used to be.
    Yeah, keeping something like that in a safe is a good idea. On a shelf? Not so much.

  8. #18
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Quote Originally Posted by Thorn
    Yeah, keeping something like that in a safe is a good idea. On a shelf? Not so much.
    It's ok to put it on a shelf, just as long as you don't have it labeled.

  9. #19
    Senior Member kidFromBigD's Avatar
    Join Date
    Jan 2010
    Location
    Texas
    Posts
    159

    Quote Originally Posted by Thorn
    ...
    playing "hide the salami" with the target's secretary*. ...)
    ...
    *Yes, I know someone who's gone that far.
    Almost spewed coffee reading that; thanks!
    You. Are. Doing. It. Wrong.
    -Gitsnik

  10. #20
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Quote Originally Posted by kidFromBigD
    Almost spewed coffee reading that; thanks!
    The best part is, you thought it was a euphemism for sex. He was serious, they really were hiding salamis around the office. The secretary was just a little odd.
