I’ve uploaded a basic PEAP/LEAP brute-force logon script that I wrote a couple of months ago to the wireless page. It simply calls wpa_supplicant and parses the results, which is slow, but appears to work. Enjoy.
Joe
Stuff
This foofus.net island of lost toys.
This is old, but might be interesting to fellow security geeks. The idea here is to challenge concepts of what a password is and how it should be secure. In essence, using this system will allow you to keep your uber-secret in a public place such as twitter. There’s some other crufty code (firefox plugin) to go with this, but it’s really just for fun.
I’ve updated my Samba modifications for the 3.3.7 release. The patch adds support to Samba utilities for passing-the-hash. For the uninformed, this allows you to leverage hashes gathered with such excellent tools as FgDump, without needing to ever crack the password. You can simply pass-the-hash and mount remote shares, create new accounts, etc. as the targeted account. Another bit of goodness here are some changes to the nmbd and smbd daemons. With this patch, nmbd will respond to all broadcast requests. Smbd will log any challenge/response handshakes. All sorts of fun can be had with this… See the following pages for more information:
http://www.foofus.net/jmk/smbchallenge.html/
http://www.foofus.net/jmk/passhash.html
Have a FgDump/PwDump or Medusa question? Join our mailing list and we’ll help you out.
http://lists.foofus.net/listinfo.cgi/foofus-tools-foofus.net