Makl Ndrix

Tag: password

  • KeyWalking: pattern based passwords

    TL,DR; download the script here. In security audits, when we get a password file we -even though we may have admin or root access on the target already- usually grab the password file for offline cracking, just to see if there’s any passwords that users re-use, which would give us more access to other systems.…

  • keyspace limitations

    I can’t really say which website this is, but it’s a middle eastern telecommunication company. Maximum 8 character password, in 2012, really? But then again, in a confirmation email, I noticed that these guys store the password in cleartext. Is diskspace really that expensive that we have to make it a VARCHAR(8)? I know these…