Crack The Code - Thats A Direct Challenge

I Challenge You To Crack The Code
-------------------------------------
I had quite an interesting experience recently. I was hired by a company to perform a vulnerability assessment and penetration test on their network. During the initial meeting, one of the key technical staff presented me with a challenge; He handed over the NTLM hash of the domain Administrator account and challenged me to decipher it. He explained that the complexity and length of the password would prevent me from deciphering it during the time allotted for the project. He was actually quite confident in my impending failure.

In most cases, this individual would have been right on the mark. On the other hand, I'm not sure he expected to challenge someone who has close associates with discretionary time on some of the most powerful computers in the world.

6 Hours, 2 Servers, 64GB of Memory, and 32 Processors Later and.....
------------------------------------
It took just under six hours to decipher the password. Of course, my 'associates' were using a program of my choice on servers with 32 processors and 64GB of RAM a piece. It's nice to have friends with access like this. Especially in my line of work. Needless to say, my client was shocked when I called him the next day and gave him the password.

Let's Have Some Fun: A Challenge For You
----------------------------------------------
(In order for you to do this, you need to go to: http://www.defendingthenet.com/NewsLetters/ CrackTheCode-ThatsADirectChallenge.htm)

Shortly after this experience, I started thinking about writing an article about it. Then I thought to myself, why write just an article? Why not come up with a challenge for our readers?

Hidden in this article is information that will ultimately provide you with a phrase that has been encrypted. You will need to know a few pieces of general information such as, where to find the hash in this article, how to extract the hash from the article, what the password is that will reveal the hash, and what type of hash is being used! Still with me on this? You will need to do all this before you can start cracking the encrypted phrase.

First, you need to find the hashed phrase located in this article. I'll give you a hint; I recently wrote an article about hiding messages in files. This article can be found on the Defending The Net Newsletter Archive. It is also in the www.CastleCops.com archive. Oh, and once you find where the hash is you will need a password to extract it. This one I am going to give away. The password to extract the hash is 'letmein' (without the ' ' of course).

Then, you will need a tool that can easily handle deciphering of the hash once you extract it from this article. There are quite a few out there that will do the job, however, I highly recommend using pnva naq noyr i2.69, a publicly available security tool that no self respecting security engineer should be without. You will also need to know the type of hashing algorithm that was used. I decided to use zrffntr qvtrfg svir because it is relatively well-known. (Try saying that 13 times real fast!)

Conclusion
----------------
The first person to successfully unravel this riddle and e-mail me at riddle@paralogic.net with the deciphered phrase, along with a detailed description of how they accomplished the task, will receive a 512MB, USB2.0 Jump Drive. As soon as we receive this information we will post it on the main page of www.defendingthenet.com.

About The Author
----------------
Darren Miller is an Information Security Consultant with over sixteen years experience. He has written many technology & security articles, some of which have been published in nationally circulated magazines & periodicals. If you would like to contact Darren you can e-mail him at Darren.Miller@ParaLogic.Net

In The News:


pen paper and inkwell


cat break through


Email Scams ? Ten Simple Steps To Avoiding Them

According to the Anti-Phishing Working Group (APWG) email scams also... Read More

Traditional Antivirus Programs Useless Against New Unidentified Viruses!

Every now and then you can read about a new... Read More

Identity Theft -- 10 Simple Ways to Protect Your Good Name!

Identity Theft is one of the most serious problems facing... Read More

The Saga of the Annoying Adware

When we think of adware, what comes to mind are... Read More

Web Conferencing Readers - So What Do We Do with the PAYPAL SPAMMER

From: "Paypal Security" Subject: New Security Requirements Date: Tue, 26... Read More

SPYWARE - Whos Watching Who?

I am in the midst of Oscar Wilde's The Picture... Read More

Phishing: An Interesting Twist On A Common Scam

After Two Security Assessments I Must Be Secure, Right? ... Read More

How to Protect Your Child from the Internet

When the Internet first came about, it was realized it... Read More

Viruses and Worms, Protection from Disaster

Virus damage estimated at $55 billion in 2003. "SINGAPORE -... Read More

7 Ways to Spot a PayPal Scam E-Mail

Paypal is a great site and is used by many... Read More

The Top Twelve Threats No Computer User Should Ignore

The internet is undoubtedly a fantastic resource for families and... Read More

An Open Letter From a So-called Stupid

Someone recently told me, "You would have to be a... Read More

Web and Computer Security

Well, if that would have been said to me by... Read More

Phishing and Pharming: Dangerous Scams

As soon as almost all computer users already got used... Read More

Breaking Into Your PC: News...

You'd better learn news from media, not from emails, security... Read More

Free Spyware Removal - Its Not As Easy As It Sounds

Nobody wants to pay to remove spyware. At the very... Read More

Criminals are Fishing For Your Identity

What is Phishing? In a typical Phishing attack, a criminal... Read More

How to Fight Spyware

If you are wondering how to fight spyware for safe... Read More

Check Out That Privacy Policy

Before you enter your name, address or any other data... Read More

Protect Your Little Black Book

The movie Little Black Book features a young woman, Stacy,... Read More

Passwords or Pass Phrase? Protecting your Intellectual Property

Much has been said on the theory of password protection... Read More

Personal Firewalls - Secure Your Computer

There has not been a time in the history of... Read More

Is Your Music Player Spying On You?

In today's times spyware is a very serious issue and... Read More

Why you Must Secure your Digital Product and Thank You Web Page

A couple of years back, I paid my dues the... Read More

Is The Internet Over Regulated

Today's Internet or World Wide Web is being over regulated.But,... Read More

A New Low

A new variation of the Nigerian Scam theme ... Read More

Internet Small Business and Fraud

Be careful of sites that promise to send you "instant... Read More

Adware and Spyware: The Problems and Their Solutions

The Threat10 years ago you could probably have run no... Read More

Phishing - Identity Theft & Credit Card Fraud

What is Phishing? Phishing is a relatively newly coined term... Read More

How to Know Whether an Email is a Fake or Not

A few nights ago I received an email from "2CO"... Read More

The Attack of the Advertiser - Spy Mother Spy

The menacing campaigns that drive the corporate spyware and adware... Read More

How to Protect Yourself from Viruses, Spyware, Adware, and Other Nuisances

Spyware/adware is a new major concern for PC users everywhere.... Read More

The Move to a New Anti-Virus Model

This is the second in a series of articles highlighting... Read More