Jump to content

Search the Community

Showing results for tags 'Safes'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • WiFi Pineapple Mark VII
    • USB Rubber Ducky
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • WiFi Pineapple (previous generations)
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL







Enter a five letter word.

Found 1 result

  1. So recently my buddy and me started poking holes in some password safe systems(like KeePass). I made a blog post about most of these could easily be defeated by adding a WndProc listener to the clipboard, and watching for passwords as they get copied and pasted. That post is here: http://ballastsec.blogspot.com/2012/07/insecurity-in-password-management.html Not all of the password safe systems use this method, or have alternative methods as well. So the best way to attack these safes is to crack the safe. Currently, I have only implemented a safe cracker for Password Safe(http://passwordsafe.sourceforge.net/) after doing a light analysis then spending a lot of fun time making a dictionary cracker for it. Blog post about it here: http://ballastsec.blogspot.com/2012/07/auditing-of-password-safe-continues.html You can also find the source code that I've released so far here: https://github.com/bwall/SafeCracker/ and finally find the tarball of the latest version with a nice little Makefile here: https://github.com/downloads/bwall/SafeCracker/safe-cracker.tar.gz safe-cracker has currently only been tested in a Linux environment, if you really wanted to compile it on Windows, you would need the pthread library. If I were you though, I would wait until I finish implementing OpenCL into the cracker, as I will supply a compiled copy for Windows. What I would like to know is, what other password safe systems would you want audited? I want to add a few to this project, and hopefully start pushing development towards cracking more state of the art hashes.
  • Create New...