Re: bash oom problem

On Tue, 2009-10-06 at 19:17 +0100, psmith wrote:
> I'm doing some pen testing of my brother's company's network. He wants
> me to see if it's possible to get in, so I'd be using the output as a
> word list, and yes, unfortunately I'll need all of it for comparison.
> I'm not sure if the program (aircrack) takes data from a pipe as a
> word list, but I'll look into it.

If by "getting in" you mean "guessing a password" and if the password
system accepts only 8 upper-case letters, then the answer is "it depends
how long the system takes to accept or reject an attempt". There are
26^8 possible combinations i.e. 208,827,064,576 and on average you need
to check half of them, assuming they are really random. If each attempt
takes 1 second, you get on average 6621 years for a hit on a specific
password. OTOH if an attempt takes 1 microsecond, it's just under 60
hours.

Things to bear in mind:

* If these are user-generated passwords, they are not random.
* If the intruder can check against multiple users at once (i.e. he
doesn't care which one it is) the numbers drop dramatically.
* If the system is at all well-designed it will block attempts after
some number of failures from the same origin, e.g. 3. In any case, it
should report bursts of failed attempts to the administrator.
* Social engineering beats brute force a large percentage of the time.

IOW, and in the absence of more concrete information, I'd say you're not
learning anything special by doing a brute-force check like this.

poc

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
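
The control described in the message above (block after a few failures from the same origin, report bursts to the administrator), as an added example that is not part of the original post. The log format, the 10-minute window, the 15-minute lockout and the function name are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: "<ISO timestamp> <origin> <user> <OK|FAIL>"
SAMPLE_LOG = """\
2009-10-06T19:00:00 192.0.2.10 alice FAIL
2009-10-06T19:00:01 192.0.2.10 bob FAIL
2009-10-06T19:00:02 198.51.100.7 carol FAIL
2009-10-06T19:00:03 192.0.2.10 carol FAIL
2009-10-06T19:00:04 192.0.2.10 dave OK
2009-10-06T19:05:00 198.51.100.7 carol FAIL
2009-10-06T19:20:00 198.51.100.7 carol OK
"""

MAX_FAILURES = 3                  # the "e.g. 3" from the message
WINDOW = timedelta(minutes=10)    # assumed burst window
LOCKOUT = timedelta(minutes=15)   # assumed block duration


def process(log_text, max_failures=MAX_FAILURES, window=WINDOW, lockout=LOCKOUT):
    """Return (alerts, decisions) for a stream of login attempts.

    Failures are counted per origin, not per user, so one source trying
    many accounts (the multi-user case in the message) still trips the limit.
    """
    failures = defaultdict(deque)  # origin -> timestamps of recent failures
    blocked_until = {}             # origin -> time the block expires
    alerts, decisions = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, origin, _user, result = line.split()
        now = datetime.fromisoformat(stamp)
        if blocked_until.get(origin, now) > now:
            # During lockout even a correct password is refused.
            decisions.append((stamp, origin, "BLOCKED"))
            continue
        if result == "OK":
            decisions.append((stamp, origin, "ACCEPT"))
            continue
        recent = failures[origin]
        recent.append(now)
        while now - recent[0] > window:   # drop failures outside the window
            recent.popleft()
        decisions.append((stamp, origin, "REJECT"))
        if len(recent) >= max_failures:
            blocked_until[origin] = now + lockout
            alerts.append((stamp, origin, len(recent)))  # report to the admin
            recent.clear()
    return alerts, decisions
```
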