Bug#727067: details

Henri Salo henri at nerv.fi
Tue Oct 22 11:28:05 UTC 2013

Verified in sid. In wheezy nasty tries to find the password, but I believe =
program does not work as intented. Some test cases in wheezy below.

Run: nasty -m file -i input -f output
Result: does not find the password at all even it is in the input file.

Run: nasty -a 8 -b 8 -m incremental -f output

# tried: 11985 (499.375000 per second), last tried: T
# tried: 13512 (500.444444 per second), last tried: g[
# tried: 15042 (501.400000 per second), last tried: Ab
# tried: 16572 (502.181818 per second), last tried: =FBh
# tried: 28770 (504.736842 per second), last tried:=20
# tried: 30303 (505.050000 per second), last tried: ^=A6

Does not find password this way. Also note that it does not try for eight
characters and I'm not sure if that one was space or empty password.

With very weak password nasty prints only this without password:

nasty v0.6, (C) 2005 by folkert at vanheusden.com

Passphrase is:=20

You might want to use Python + paramiko to bruteforce the password.

Henri Salo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/forensics-devel/attachments/20131022/c2d940a3/attachment.sig>

More information about the forensics-devel mailing list