Sunday, March 25, 2007

Fletcher-Checksums added

Following a user-request I added fletcher-checksums (8Bit-Fletcher and 16Bit-Fletcher) to http://serversniff.de/crypt-checksum.php.
I couldn't find any ready-to-use implementation, so recoded it in php. for the sake of having a fletcher-implementation in php online:

# 8 bit-fletcher
# codes an 8bit-fletcher-hash out of an
# hexencoded input-string
# consider this code public domain
#
$x="10111214" #hexecoded input-string
$twochunks=str_split($x,2); # split string into chunks
$lastleft=1; $lastright=0; # init
$modulo=65535; # fletcher-modulus
foreach($twochunks as $char)
{
$lastleft=fmod(($lastleft+hexdec($char)),$modulo); #left
$lastright=fmod(($lastright+$lastleft),$modulo); #right
}

$hexright=dechex($lastright); # make a hexval out of the old dec-val
$hexleft=dechex($lastleft); # make a hexval out of the old dec-val
$fletcher8="$hexright"."$hexleft"; # combine the two
print $fletcher8;
exit;

Twisting and Tuning

We tweaked the ip-info-script: It's working properly with icmp now, while a bug prevented it from workin correctly with icmp. Reinhard tweaked it to add a few flags, but until now i'm not really sure if they do make any sense. We'll see from the log or comments.
We also got rid of the redirect, which seemed to have prevent the page beeing used with konqueror. May there be no more bugs in there...

cheers,

tom

Friday, March 23, 2007

spinnoffs, volume one or "size DOES matter"


We're currently working on some small serversniff-spinoffs. Very focussed microsites with limited functionality. The first to be launched a few days ago was www.hashcrack.com, a site dedicated to reverse-lookups for several hashtypes.

We know quite a lot of hash-crackers and reverse-lookup-sites - but none of them was the thing we really wanted. Most of them have a limited count of hashes - the biggest we found were >200.000.000 words. There are a few bigger ones supporting crackers like john the ripper or rainbow-tables.

But almost all are limited to MD5-Lookups. Hey guys, it's 2007 and we do it-security. Occasionally i need to reverse other unsalted hashes: MySQL, SHA1 or plain old Windows, be it NTLM or LanMananger. Computingpower and harddrives are cheap - so were working on the ultimate site for database-driven hashlookus, supporting
  • MD5
  • SHA1
  • LanManager
  • NTLM
  • MySQL 3
  • MySQL 4
We were looking for wordlists. We gathered what we could get hold of, threw it together and did a little sorting. We ended up with 250MB of plaintext. We used john the ripper to create a list with all possible character-combinations for 1-4 chars length. Another 410 MB plaintext. I did want more, so i downloaded almost all wikipedia-databases, threw them together in a huge textfile, sorted out very long and very short strings, sorted out some wiki-formatting, sorted out all the millions of dupes and ended up with a gzipped file with a size of 202 MB that we simply call the mother of all wordlists. We're in the process of importing all three lists into our hash database.
Hashcrack.com currently lists 11.000.000 Words with ~ 65.000.000 Hashes on a (nearly) static database for we needed some data to experiment with. When we're finished with creating all those hashes we'll simply upgrade hashcrack.com to far more than 1.000.000.000 known hashes, hoping that it'll be of any use.
We welcome any opinions, comments and listings of your favourite reverse-lookup-sites.

tom

Wednesday, March 21, 2007

encryption is online again

our encrypter/decrypter is online again. while reinhard is workin hard to learn cryptography for his ceh-exam he fixed the script and put it online again. thanks reinhard!
reinhard also promised to work on new dns-scripts, too! go boy, go!

and, how nice: spammers read our blog - there were no new requests asking to sell our domainbase to obscure partys during the last week.

cheers,

tom

Friday, March 02, 2007

domainnames for sale....

we got quite a few requests to sell our domain-database during the last weeks. we continue to refuse almost all of them.

please: don't bother to ask unless you agree to serversniff's terms of use.
don't bother to ask unless you can't prove in any way that you are willing to abide by this terms.

like anyone else having an emailadress we get more than enough email-spam. we're not really interested in domainname-business and SEO (which would better be spelled SESpam) and we do not consider this business to create any added value for internet-security or the internet itself.

maybe i won't make the world any better, but i'll keep tryin not to make it any worse than it already is.

cheers,

tom