Re: Cracking SSL passwords for fun and profit



On Thu, Nov 27, 2008 at 08:58:02AM +0100, Richard Hartmann wrote:
On Thu, Nov 27, 2008 at 01:27, Douglas A. Tutty <dtutty@xxxxxxxxx> wrote:

Do you know what keyspace you used for your password? i.e. how many
(roughly) characters, were they letters, numbers, punctuation, etc?

I do remember I chose a lowsec one. I.e. it should be [a-zA-Z0-9]{6-8}


Use your scripting language of choice (e.g. python), create a nested
loop that generates, in a logical manner, the set of passwords in which
the correct password will be found. Have this script able to save to a
file the current loop variables, and load them on startup if given the
file name as a parameter.

Afaik, there is no easy way to feed a password into SSH. Same as
OpenSSL, it was designed _not_ to accept passwords from the
command line. For example, both will clear STDIN before prompting
for a password.
That being said, it should be doable with expect.

openssh is not the only ssh client in Debian. We also have putty,
lsh-client and dropbear.

--
Tzafrir Cohen | tzafrir@xxxxxxxxxx | VIM is
http://tzafrir.org.il | | a Mutt's
tzafrir@xxxxxxxxxxxxx | | best
ICQ# 16849754 | | friend


--
To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx
with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx