View Single Post
Old 02-19-10, 03:30 PM   #4
snowmanwithahat
Snowy
 
snowmanwithahat's Avatar
 
Join Date: Jul 2004
Location: Michigan
Posts: 974
Default Re: Any Ethical Hackers?

DD, I think you're looking at the term "ethical hacker" in the wrong light.... or rather "hacker" shouldn't be used here.

I do alot of work with CUDA (pyrit) and WPA cracking. I do this with packet captures that I've taken from my roomate's router that I know the PSK to. I've been doing this to learn more about what makes a strong password strong. Given the computational time of WPA cracking it's impossible to brute-force, so this has led me in the search of the "ultimate wordlist"... why? I'm not out to hack the world... simply to find out if my efforts to secure my data is enough to deter someone who has less than a few years to try and hack my network.

Given that description I'd say I'm an ethical hacker. Or you could look at professional peneration testers. That certainly is a more accurate description of an ethical hacker. For those of you that aren't aware profession penetration testers are people who may have hacking experience, but certainly have knowledge of vulnerabilities and a deep understanding of threats. They're hired by companies usually to probe the network under an agreement that all information and vulnerabilities will be used for strenghtening security of the network.

So, broaden your definition of hacker from implying malicious activity to someone who simply knows vulnerabilities and common weaknesses of any type of network or password scheme.

Again... I know alot about wiping passwords from SAM files. This is really useful information when my Aunt died and we had to get on to her computer to recover financial information... instead of paying lots of money for someone to "hack" her system all I had to do was load up a USB key with linux on it and go to work.

So going back to Six_storm's original intent... yes, ethical hackers definetly exist but it can be more or less viewed as research only, or as a penetration tester.

I'll have a follow-up post coming about some of the things I know... I've been building a pretty strong dictionary file for use with wpa cracking but it can be applied to any arena of password cracking, such as NTLM hash cracking



Also.... for those interested, this is actually a really good place for a thread like this since alot of the buzz in the hacking industry lately has been revolving around CUDA acceleration of things that would normally take 20x longer. For example with Pyrit I saw a 15x performance increase, so something that could take a month, now would only take 2 days (realistic time frame too....) There's also a really cool program called CUDA-multiforcer which is great for cracking NTLM, MD5, and MD4 passwords



Quote:
I am just floored at some of the methods that "hackers" are using today and just the shear stupidity of the average user falling for these methods lol.
That's because alot of the vulnerabilities in the world rely on the human factor. If WPA passwords were all 63 characters long and used a full mix of upper, lower, special characters, and numbers, we'd never figure them out. But with a high degree of certainty you can build an intelligent wordlist... I'll have more info coming on that later
__________________
---Gaming Rig---
Q6600 3.4ghz (378x9) - 1.5v
Gigabyte EP45-UD3P
8gb (4x2gb) OCZ Gold DDR2-800 (5-4-4-12)
MSI+ASUS GTX 470 SLI
Dell u3011 IPS Display
HP 22" Auxiliary Monitor
256gb Western Digital Silicon Edge Blue SSD
5x2tb RAID-5 Array
750W PC P&C PSU
Windows 7 Pro 64-Bit & Ubuntu 10.04 64-bit

---Gaming Laptop---
ASUS G53JW
Core i7 740QM
16gb DDR3
Nvidia GTX 460m
1tb WD HDD
120gb Corsair SSD

Join the NvNews Folding @ Home Team
snowmanwithahat is offline   Reply With Quote