klb@philabs.Philips.Com (Ken Bourque) (03/08/88)
This posting from sci.crypt might be of interest:
Article 979 of sci.crypt:
Path: philabs!prls!pyramid!decwrl!decvax!ucbvax!ucdavis!deneb.ucdavis.edu!ecs140w020
From: ecs140w020@deneb.ucdavis.edu (0000;0000005648;4000;250;215;ecs140w)
Newsgroups: sci.crypt
Subject: VMS password hacker
Message-ID: <1315@ucdavis.ucdavis.edu>
Date: 6 Mar 88 12:06:58 GMT
Sender: uucp@ucdavis.ucdavis.edu
Lines: 19
Bunkersoft of Mountain View has a VMS password hacker
available for $30 (source code) from
Bunkersoft
PO Box 4436
Mountain View CA
94040-4436
The method used is a brute force attack. However, because of the
nature of the VMS password file, SYSPRV or CMKRNL is required for
a short window of time before running. I ran this program on my
installation at work; it found 35% of all passwords.
Since HPWD is a proprietary DEC code, a batch file is given to
extract this information from LOGINOUT.EXE. I believe this program
is aimed at security managers etc.
ecs140w020@deneb.ucdavis.edu
ucdavis!deneb!ecs140w020
--
Ken Bourque klb@philabs.philips.com ...!{uunet,ihnp4,decvax}!philabs!klb