| 
  
    | 
	|  | Menu |  |  
     
     | 
      
       | 
        
         | 
          
           | 
						|  |  |  Home |  |  |  |  |  |  |  |  Discussions |  |  |  |  |  |  |  |  Tools |  |  |  |  |  |  |  |  Affiliates |  |  |  |  |  |  |  |  Content |  |  |  |  |  |  |  |  Info |  |  |  |  |  |  |  |  |  |  
  
    | 
	|  | User Info |  |  
     
     | 
      
       | 
        
         | 
          
           |  Membership: 
  Latest: MichaelSnaRe 
  New Today: 0 
  New Yesterday: 0 
  Overall: 9144 
 
  People Online: 
  Visitors: 293 
  Members: 0 
  Total: 293 
 |  |  |  |  |  
  
    | 
	|  | Full disclosure |  |  
     
     | 
      
       | 
        
         | 
          
           | CyberDanube Security Research 20251014-0 | Multiple Vulnerabilities in Phoenix Contact QUINT4 UPS apis.google.com - Insecure redirect via __lu parameter(exploited in the wild)
 Urgent Security Vulnerabilities Discovered in Mercku Routers Model M6a
 Re: Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
 Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
 [SBA-ADV-20250730-01] CVE-2025-39664: Checkmk Path Traversal
 [SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files
 CVE-2025-59397 - Open Web Analytics SQL Injection
 Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
 Re: Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
 Re: Defense in depth -- the Microsoft way (part 93): SRP/SAFERwhitelisting goes black on Windows 11
 Re: [FD]: "Glass Cage" – Zero-Click iMessage ? Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
 Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
 Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib
 Samtools v1.22.1 Improper Handling of Excessive Histogram Bin Counts in Samtools Coverage Leads to Stack Overflow
 
 |  |  |  |  |  | 
  
    | 
	|  |  |  |  
        
          | 
              
                | 
                    
                      | 
                          
                            | 
	| 
	
		|  |  |  
		|  | IT Security and Insecurity Portal |  |  
 
	|  | RainbowCrack-Online |  |  
	| 
	
		|  Posted: Wed Nov 02, 2005 2:25 am |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| _GC_ |  | Regular user |  |  
  |  |  |  | Joined: Nov 02, 2005 |  | Posts: 8 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| Hi, We just finished everything up on RainbowCrack-Online.
 Anybody that is interested can sign up, however there's a membership fee, as servers, generation and cracking machines are expensive.
 
 You can have a look on > www.RainbowCrack-Online.com <http://www.rainbowcrack-online.com/>.
 Current sets include:
 
 -LanManager-All (all printable chars) 1-14 (the tables are 1-7, but view the specs on LM hashing for more info)
 
 -NTLM MixAlpha Numeric 1-7
 -NTLM LowerAlpha Numeric 1-8
 
 -MD5 Alpha Numeric Symbol32 Space 1-7
 -MD5 LowerAlpha Numeric Symbol32 Space 1-7
 -MD5 LowerAlpha Numeric 1-8
 -MD5 MixAlpha Numeric 1-7
 
 -SHA1 MixAlpha Numeric 1-7
 
 -MySQL 323 MixAlpha Numeric 1-7
 
 -CiscoPIX MixAlpha Numeric 1-7
 
 
 We're also almost done generating MD4 and MySQL SHA1 tables.
 
 Articles in Information will be there soon, basically information on what
 to do to leverage knowing hashes. (And how to get the hashes in the first
 place.)
 For you pen tester fellows, we will be offering the tables for sale to you
 guys, as well as registered businesses, prices should be up later.
 
 -Regards,
 G.C.
 |  |  
		|  |  |  
	|  |  |  | 
 
	|  |  |  |  
	| 
	
		|  Posted: Wed Nov 02, 2005 4:54 am |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| shai-tan |  | Valuable expert |  |  
  |  |  |  | Joined: Feb 22, 2005 |  | Posts: 477 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| Nice one. If people are paying wouldnt it be better to make 8-14 as well.
 Plain-text.info is some of your your competion is free and they offer some good cracking.
 
 
 Shai-tan
 
 Greetz Slim, Heintz and the team.
 |  |  
		| 
		
			| _________________
 Shai-tan
 
 ?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds
 |  |  |  
	|  |  
	| 
	
		|  Posted: Wed Nov 02, 2005 10:57 pm |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| _GC_ |  | Regular user |  |  
  |  |  |  | Joined: Nov 02, 2005 |  | Posts: 8 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| Creating Rainbow Tables with Plaintext length range [ 8-14 ] would be unpractical to accomplish. The space used for such a project is enormous, also the time needed to have a decent succesrate would take a very,very long time. (50+ years even if multiple systems would be used)
 
 I also took a look on Plain-text.info. I compared the table sets they have with ours and concluded that we have more options and don't publish the hash results public for everyone to see.
 |  |  
		|  |  |  
	|  |  |  | 
 
	|  |  |  |  
	| 
	
		|  Posted: Wed Nov 02, 2005 11:19 pm |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| Heintz |  | Valuable expert |  |  
  |  |  |  | Joined: Jun 12, 2004 |  | Posts: 88 |  | Location: Estonia/Sweden |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			|  	  | _GC_ wrote: |  	  | Creating Rainbow Tables with Plaintext length range [ 8-14 ] would be unpractical to accomplish. The space used for such a project is enormous, also the time needed to have a decent succesrate would take a very,very long time. (50+ years even if multiple systems would be used)
 
 I also took a look on Plain-text.info. I compared the table sets they have with ours and concluded that we have more options and don't publish the hash results public for everyone to see.
 | 
 
 dont conclude stuff without actually haveing logged in/aware of our other features, bots on irc and so on. indeed hashes are posted public. nobody has requested that feature so far and it is written in faq what should one do if confidenciality is needed. and most of all it does compensate thousands of dollars you're asking.
 |  |  
		| 
		
			| _________________
 AT 14:00 /EVERY:1 DHTTP /oindex.php www.waraxe.us:80 | FIND "SA#037" 1>Nul 2>&1 & IF ERRORLEVEL 0 "c:program filesApache.exe stop & DSAY alarmaaa!"
 |  |  |  
	|  |  |  | 
 
	|  |  |  |  
	| 
	
		|  Posted: Thu Nov 03, 2005 12:56 am |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| shai-tan |  | Valuable expert |  |  
  |  |  |  | Joined: Feb 22, 2005 |  | Posts: 477 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| Confidenciality is good and all but when you are more than likely cracking passwords for people that are more than likely not their own do you call that confidenciality _GC_ ? 
 Open Source and Open projects are the best way to be man. Plain-text serves the public great and they get a lot out of what they put into the community with their own volunteering.
   
 Shai-tan
 |  |  
		| 
		
			| _________________
 Shai-tan
 
 ?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds
 |  |  |  
	|  |  |  | 
 
	|  |  |  |  
	| 
	
		|  Posted: Thu Nov 03, 2005 1:56 am |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| _GC_ |  | Regular user |  |  
  |  |  |  | Joined: Nov 02, 2005 |  | Posts: 8 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| Heintz, while no, we haven't looked that closely into the service, you must admit that our table sets exceed those at plain-text.info, however, I'd like to remind you that we sell access for 30$ a month, not 'thousands of dollars.' 
 Unfortunately we cannot offer the tables for free, as we have invested money and time into generating them.
 
 I think that services like plain-text.info are great, and I wish you guys the best of luck, however, for those looking for the extra power, speed, support, and stability of our service can choose to use it instead.
 
 Simple facts are these:
 RainbowCrack-Online supports more algorithms than any free system.
 RainbowCrack-Online has better tablesets than any other website free or pay.
 
 
 So you can make up your own mind as to what you want, again, we are not forcing you to purchase.. We simply felt that it would be prudent to provide such a service to the community.
 
 If people decide to attempt to deride us, then that is their choice.
 
 
 ** If you register for a full year it's only 18$ / month.....
 
 VIEW our tablesets VIEW our pricing plans.
 |  |  
		|  |  |  
	|  |  |  | 
 
	|  |  |  |  
	| 
	
		|  Posted: Thu Nov 03, 2005 2:06 am |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| shai-tan |  | Valuable expert |  |  
  |  |  |  | Joined: Feb 22, 2005 |  | Posts: 477 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			|  	  | Quote: |  	  | Unfortunately we cannot offer the tables for free, as we have invested money and time into generating them. | 
 
 What and plain text hasnt?
 
 
 Oh and about the 8-14 that wasnt plain text. I was thinking of plain-text but its somewhere else.
  |  |  
		| 
		
			| _________________
 Shai-tan
 
 ?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds
 |  |  |  
	|  |  |  | 
 
	|  |  |  |  
	| 
	
		|  Posted: Thu Nov 03, 2005 2:23 am |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| _GC_ |  | Regular user |  |  
  |  |  |  | Joined: Nov 02, 2005 |  | Posts: 8 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| No, they haven't made any investment, only perhaps time. 
 They only have a small set of tables, and thats fine for what they do.
 
 I seriously doubt that there's anywhere offering 8-14 char alpha tables...
 
 With a larger set of tables, and by supporting more characters, the volunteer model just doesn't work...
 
 We'd need around 200 Dedicated machines, running 4 months to generate our MD5 tables alone.
 
 That's some serious money.
 
 Again, we aren't looking to make any money, we're looking to keep the service running, and to make it better.
 
 So choose what you want.
 
 --This will probably be my last responce to the thread.
 |  |  
		|  |  |  
	|  |  |  | 
 
	|  |  |  |  
	| 
	
		|  Posted: Thu Nov 03, 2005 2:35 am |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| shai-tan |  | Valuable expert |  |  
  |  |  |  | Joined: Feb 22, 2005 |  | Posts: 477 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| Oh there are some 8-14's out there.  Dont you worry about that. The ones I seen only had 50% success rate and they were bloody huge. Distributed generation of course but in a huge cluster. The NSA rules. 
   
 
  	  | Quote: |  	  | No, they haven't made any investment, only perhaps time. | 
 
 You'll be surprised the effort and how much plain-text has put in. You think it doesn't cost them money to run their servers? You think it didnt cost them to get the computers they needed? You think each of their individual broadband and adsl connections dont cost them money? You think the domain name doesnt cost them?
 
 
 
  	  | Quote: |  	  | the volunteer model just doesn't work... | 
 
 Have you ever heard of open source?
   
 
 Shai-tan
 |  |  
		| 
		
			| _________________
 Shai-tan
 
 ?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds
 |  |  |  
	|  |  |  | 
 
	|  |  |  |  
	| 
	
		|  Posted: Thu Nov 03, 2005 3:17 am |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| _GC_ |  | Regular user |  |  
  |  |  |  | Joined: Nov 02, 2005 |  | Posts: 8 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| Well, and i'm breaking my previous statement... If it would work, how come nobody has done it?
 
 And if it has been done correctly where is it? I'd like to see it.
 
 In fact, the DAY that any free website catches up to our tableset, I'll offer allllll the tables for download, free.
 
 That's a promise.
 
 So go ahead, start generating.
 
 Oh yes, and good luck on 8-14 Chars, as the only viable tableset is Numeric only..... and that's still one Terabyte.....
 
 Here's your winning configuration:
 
 MD5 Alpha-Numeric 9000x132000000
 100000000000 Tables
 
 1.92 Gigs per Table....
 
 13.4 Days to generate one table, around 125188 years to go through all the tables...
 
 so thats 1340000000000 years to generate all the tables (/ that number by the number of machines you have, if you have 1,000 machines that's ONLY 1340000000 years!)
 
 And somewhere around 192000000000 gigs for alllll the tables!
 
 OK GOOD LUCK BUDDY!
 
 -I really don't want to be mean or rude, I'm sorry if I've come off this way, but I pride myself in the support of Open-Source solutions, and we even support Zhu, the man who made rainbowcrack, and I've seen nobody else who does this.
 
 For what we do, the subscription model is the best we can have, if you can come up with a viable alternative plan, and not just spout 'open source' then feel free and we'll consider acting on it.
 |  |  
		|  |  |  
	|  |  |  | 
 
	|  |  |  |  
	| 
	
		|  Posted: Thu Nov 03, 2005 3:45 am |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| shai-tan |  | Valuable expert |  |  
  |  |  |  | Joined: Feb 22, 2005 |  | Posts: 477 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| lmao you really do take after Steve Balmer. lmfao. Just like steve Balmer you:
 Ignore the facts, abuse open source, then say you support everyone. Then say your gunna make the world pay for the services you offer. Then dance around like a monkey and then throw chairs when someone says they are moving to another company.
 Your just another open source leecher. Take things for free say you support the person who made it and then make people pay for things they can get elsewhere.
 
 BTW have you even the remotest idea on what the NSA is?
 |  |  
		| 
		
			| _________________
 Shai-tan
 
 ?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds
 |  |  |  
	|  |  
	| 
	
		|  Posted: Thu Nov 03, 2005 3:54 am |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| shai-tan |  | Valuable expert |  |  
  |  |  |  | Joined: Feb 22, 2005 |  | Posts: 477 |  |  |  |  
 
 |  |  
			|  |  |  
 
 |  |  
		| 
		
			| _________________
 Shai-tan
 
 ?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds
 |  |  |  
	|  |  |  | 
 
	|  |  |  |  
	| 
	
		|  Posted: Thu Nov 03, 2005 4:00 am |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| _GC_ |  | Regular user |  |  
  |  |  |  | Joined: Nov 02, 2005 |  | Posts: 8 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| It seems that the only one that's 'throwing chairs' is you... 
 We aren't charging a lot of money, and we aren't doing it to make money.
 
 Unfortunately I live in a country where I must pay for gas, food, shelter, clothing, sex etc.
 
 I suppose you do not.
 
 Why don't you answer my question? If the open source model works for this, where are the services that offer LM, MD5, CiscoPIX, Sha1, and NTLM hash cracking, with all the same tablesets?
 
 It seems to me all you're doing is dodging my questions, and spouting 'open source.'
 
 MsSQL, Oracle, etc | MySQL
 
 Windows, Mac OS | Linux, Unix, BSD, Etc
 
 Rainbowcrack-online | ?????
 |  |  
		|  |  |  
	|  |  |  | 
 
	|  |  |  |  
	| 
	
		|  Posted: Thu Nov 03, 2005 4:11 am |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| shai-tan |  | Valuable expert |  |  
  |  |  |  | Joined: Feb 22, 2005 |  | Posts: 477 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| But doesnt everyone have to pay to live? Not sex though lmao! 
 Do you think that Linus Torvalds earns his money from Linux and git?
 Do you think Eric raymond earns his money for keeping the GNU inline?
 Do you think Richard Stallman gets his money from gcc and the GPL?
 
 They all get jobs with corporations that use their products and develop for their products, write books, serve the community and share their knowledge to get their living they dont claim money off what they created. They explain what they created in order to make the IT world better.
 
 You may be serving people but remember you are cracking people's passwords for money!! That is bad enough.
 |  |  
		| 
		
			| _________________
 Shai-tan
 
 ?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds
 |  |  |  
	|  |  |  | 
 
	|  |  |  |  
	| 
	
		|  Posted: Thu Nov 03, 2005 12:19 pm |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| _GC_ |  | Regular user |  |  
  |  |  |  | Joined: Nov 02, 2005 |  | Posts: 8 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| You have somewhat the same argument as people opposed to Full Disclosure, AND you still avoid my question. And therefore I declare this argument: finished. 
 By the way, does not Linus make money by working? Do you think he uses open source software at his job?
 
 Does that make it wrong?
 
 We offer the service for the IT Security comunity, not a bunch of kids with 'leet sploits dood.' You can't simply pull password hashes out of thin air. The service is meant for skilled hackers, professionals like penetration testers.
 
 Adieu.
 
 By the way:
 
 This statement proves my point
 "They all get jobs with corporations that use their products and develop for their products, write books, serve the community and share their knowledge to get their living they dont claim money off what they created. They explain what they created in order to make the IT world better. "
 
 Corporations are in the business of 'ahem' making money.
 You claim that since I use open source, that I should offer my service for free.
 However you seem to edify the behaviour of corporations who make money, that use open source.
 
 You're idealisitic, I give you that, however this is a different situation...
 
 We may make our systems open source in the future, but that is the extent of it.
 |  |  
		|  |  |  
	|  |  |  | 
 
	| www.waraxe.us Forum Index -> General discussion 
 
	
		| You cannot post new topics in this forum You cannot reply to topics in this forum
 You cannot edit your posts in this forum
 You cannot delete your posts in this forum
 You cannot vote in polls in this forum
 
 | All times are GMT Page 1 of 2
			Goto page 1, 2Next
 
 |  |  
	|  |  
 Powered by phpBB © 2001-2008 phpBB Group
 
 
 
 
 |  |  |  |  |  |