Re: Cracking SSL passwords for fun and profit
On Thu, Nov 27, 2008 at 08:58:02AM +0100, Richard Hartmann wrote:
> On Thu, Nov 27, 2008 at 01:27, Douglas A. Tutty <dtutty@vianet.ca> wrote:
>
> > Do you know what keyspace you used for your password? i.e. how many
> > (roughly) characters, were they letters, numbers, punctuation, etc?
>
> I do remember I chose a lowsec one. I.e. it should be [a-zA-Z0-9]{6-8}
>
>
> > Use your scripting language of choice (e.g. python), create a nested
> > loop that generates, in a logical manner, the set of passwords in which
> > the correct password will be found. Have this script able to save to a
> > file the current loop variables, and load them on startup if given the
> > file name as a parameter.
>
> Afaik, there is no easy way to feed a password into SSH. Same as
> OpenSSL, it was designed _not_ to accept passwords from the
> command line. For example, both will clear STDIN before prompting
> for a password.
> That being said, it should be doable with expect.
openssh is not the only ssh client in Debian. We also have putty,
lsh-client and dropbear.
--
Tzafrir Cohen | tzafrir@jabber.org | VIM is
http://tzafrir.org.il | | a Mutt's
tzafrir@cohens.org.il | | best
ICQ# 16849754 | | friend
Reply to: