ecs140w020@deneb.ucdavis.edu (0000;0000005648;4000;250;215;ecs140w) (03/06/88)
Bunkersoft of Mountain View has a VMS password hacker available for $30 (source code) from Bunkersoft PO Box 4436 Mountain View CA 94040-4436 The method used is a brute force attack. However, because of the nature of the VMS password file, SYSPRV or CMKRNL is required for a short window of time before running. I ran this program on my installation at work; it found 35% of all passwords. Since HPWD is a proprietary DEC code, a batch file is given to extract this information from LOGINOUT.EXE. I believe this program is aimed at security managers etc. ecs140w020@deneb.ucdavis.edu ucdavis!deneb!ecs140w020
robert@johnny.cs.unlv.edu (Robert Cray) (03/11/88)
In article <1315@ucdavis.ucdavis.edu> ecs140w020@deneb.ucdavis.edu (0000;0000005648;4000;250;215;ecs140w) writes: >Bunkersoft of Mountain View has a VMS password hacker >available for $30 (source code) from [...] >Since HPWD is a proprietary DEC code, a batch file is given to >extract this information from LOGINOUT.EXE. I believe this program >is aimed at security managers etc. > Someone posted the source to lgi$hpwd on info-vax a while ago. I'm suprised DEC does not make available a call to do this, which would also do the same accounting that goes on in loginout. Can anyone whos looked at the code comment on how secure it is? I don't know macro-32, and have no intention of learning it. Quite annoying that so many vms programs are in macro. --robert