Crack The Code - Thats A Direct Challenge

I Challenge You To Crack The Code
-------------------------------------
I had quite an interesting experience recently. I was hired by a company to perform a vulnerability assessment and penetration test on their network. During the initial meeting, one of the key technical staff presented me with a challenge; He handed over the NTLM hash of the domain Administrator account and challenged me to decipher it. He explained that the complexity and length of the password would prevent me from deciphering it during the time allotted for the project. He was actually quite confident in my impending failure.

In most cases, this individual would have been right on the mark. On the other hand, I'm not sure he expected to challenge someone who has close associates with discretionary time on some of the most powerful computers in the world.

6 Hours, 2 Servers, 64GB of Memory, and 32 Processors Later and.....
------------------------------------
It took just under six hours to decipher the password. Of course, my 'associates' were using a program of my choice on servers with 32 processors and 64GB of RAM a piece. It's nice to have friends with access like this. Especially in my line of work. Needless to say, my client was shocked when I called him the next day and gave him the password.

Let's Have Some Fun: A Challenge For You
----------------------------------------------
(In order for you to do this, you need to go to: http://www.defendingthenet.com/NewsLetters/ CrackTheCode-ThatsADirectChallenge.htm)

Shortly after this experience, I started thinking about writing an article about it. Then I thought to myself, why write just an article? Why not come up with a challenge for our readers?

Hidden in this article is information that will ultimately provide you with a phrase that has been encrypted. You will need to know a few pieces of general information such as, where to find the hash in this article, how to extract the hash from the article, what the password is that will reveal the hash, and what type of hash is being used! Still with me on this? You will need to do all this before you can start cracking the encrypted phrase.

First, you need to find the hashed phrase located in this article. I'll give you a hint; I recently wrote an article about hiding messages in files. This article can be found on the Defending The Net Newsletter Archive. It is also in the www.CastleCops.com archive. Oh, and once you find where the hash is you will need a password to extract it. This one I am going to give away. The password to extract the hash is 'letmein' (without the ' ' of course).

Then, you will need a tool that can easily handle deciphering of the hash once you extract it from this article. There are quite a few out there that will do the job, however, I highly recommend using pnva naq noyr i2.69, a publicly available security tool that no self respecting security engineer should be without. You will also need to know the type of hashing algorithm that was used. I decided to use zrffntr qvtrfg svir because it is relatively well-known. (Try saying that 13 times real fast!)

Conclusion
----------------
The first person to successfully unravel this riddle and e-mail me at [email protected] with the deciphered phrase, along with a detailed description of how they accomplished the task, will receive a 512MB, USB2.0 Jump Drive. As soon as we receive this information we will post it on the main page of www.defendingthenet.com.

About The Author
----------------
Darren Miller is an Information Security Consultant with over sixteen years experience. He has written many technology & security articles, some of which have been published in nationally circulated magazines & periodicals. If you would like to contact Darren you can e-mail him at [email protected]

In The News:


Kitsap Sun

OC launches investigation of security director
Kitsap Sun
BREMERTON — Olympic College has launched an investigation of complaints against its director of campus safety in light of a vote of no confidence by the union representing security guards. The vote, taken in mid-January, showed 88 percent of members ...


The Sun

Security services knew of glaring weakness in Parliament security after 'war game' simulating attack on Westminster ...
The Sun
SECURITY services were aware of gaps in Parliament's security after a simulated attack ended with most MPs being killed, it has been claimed. A source quoted by the Sunday Times claimed a “table-top” exercise revealed four terrorists with automatic ...
Security chief told MPs they were safe in parliament before attackThe Guardian
Urgent review of security gates of Parliament needed after Westminster attackExpress.co.uk

all 56 news articles »

The Independent

Security breach renders in-flight laptop ban useless
The Independent
The airport which is the main target of the Government's ban on electronic devices has a security flaw that renders rigorous checks futile, The Independent can reveal. After clearing six separate security hurdles at Istanbul airport, passengers bound ...

and more »

Rochester Democrat and Chronicle

JCC receives $200,000 to improve security - Democrat and Chronicle
Rochester Democrat and Chronicle
Funds will be used to upgrade cameras and other measures following two bomb threats at the Brighton facility this month.
JCC of Rochester gets $200,000 for security enhancements | WXXI ...WXXI News

all 4 news articles »

The Independent

WhatsApp: Scapegoat for London's security lapses
DEBKA file
British Home Secretary Amber Rudd Sunday, March 26, attacked WhatsApp for refusing intelligence services and police access to its encrypted messaging service, used by Khalid Masood three minutes before his terrorist rampage in London last Wednesday.
Ex-cyber security chief says Government is 'using' Westminster attack to grab unnecessary spying powersThe Independent
WhatsApp security debate must be informed or we will all sufferiNews
Home Secretary Amber Rudd: Give security services access to WhatsAppThe National

all 175 news articles »

Reuters

Britain reviewing security at parliament after deadly attack
Reuters
Interior minister Amber Rudd told the BBC there would be another review of security at the Palace of Westminster, but that such arrangements were continually assessed. "There are constant reviews and updates so that we have the right form of defense in ...
London attack fuels calls for tighter Westminster securityThe Guardian
London attack: Parliament security under reviewBBC News
Questions over Parliament security as motorcyclist rides through gate shortly after terrorist attackTelegraph.co.uk
Wall Street Journal (subscription)
all 8,413 news articles »

The Japan Times

European security ties 'too precious' for Brexit talks
The Japan Times
LONDON – Britain's intelligence expertise may be “too precious” to use as a bargaining tool in the upcoming Brexit talks, experts said, after a terror attack in London highlighted the need for continued European security cooperation. The suggestion ...

and more »

New System Estimates Cleveland Airport Security Wait Times
U.S. News & World Report
New System Estimates Cleveland Airport Security Wait Times. Cleveland's main airport is developing a system to help travelers more accurately compare wait times at its security checkpoints and better plan their trips. | March 27, 2017, at 12:08 a.m.. MORE.

and more »

Huffington Post

What Don't We Talk About When We Talk About Israel's Security
Huffington Post
When Israeli and American Jews talk about “Israel's security” they are thinking about the Holocaust and about extermination. That is the reason they choose the narrowest possible definition of “security,” a strip. Israel's “security” is what we ...

and more »

Otago Daily Times

Ivory Coast rescinds port security measures, attack threat unfounded
Reuters
"After compiling the information ... it emerged that the threat is not real," the head of maritime security Colonel Bertin Koffi Tano wrote in a second order to the Abidjan and San Pedro port authorities and shipping companies on Sunday. "I ask that ...
Ivory Coast boosts port security over attack threatOtago Daily Times

all 5 news articles »
Google News

Wireless Network Security

Working from home has its advantages, including no commute, a... Read More

8 Surefire Ways to Spot an E-Mail Identity Theft Scam!

The E-Mail Identity Theft Scam is running Rampant. These E-Mail... Read More

Securing Your Accounts With Well-Crafted Passwords

In the past I've never really paid much attention to... Read More

Fishing for Fortunes. Scam!

Spelt phishing, but pronounced as above, this despicable act is... Read More

Top Five Online Scams

The top five online scams on the Internet hit nearly... Read More

Is the Internet Insecure Because of You?

Long gone are the days that we could feel secure... Read More

Protecting Your Children On The Internet

If you are a parent, as am I, I think... Read More

Its Time to Sing the Encryption Song - Again!

Yes, I'm wearing my encryption hat again. Why you may... Read More

Online Cell Phone Scams and Spam

They're out there. Individuals trying to make a quick buck... Read More

Personal Firewalls - Secure Your Computer

There has not been a time in the history of... Read More

Phishing: A Scary Way of Life

The Federal Bureau of Investigation has identified "phishing" as the... Read More

Web Browsing - Collected Information

You may not realize it, but as you are surfing... Read More

How to Protect Yourself from Viruses, Spyware, Adware, and Other Nuisances

Spyware/adware is a new major concern for PC users everywhere.... Read More

Email Scams ? Ten Simple Steps To Avoiding Them

According to the Anti-Phishing Working Group (APWG) email scams also... Read More

The Risk Of Electronic Fraud & Identity Theft

Electronic Fraud and Identity Theft ----------------------------------- Human beings are pretty... Read More

An Open Door To Your Home Wireless Internet Network Security?

This is not some new fangled techno-speak, it is a... Read More

Behavior to Stay Safer Online

1. Importance of a Virus Scanner: A Antivirus program can... Read More

Spyware, This Time Its Personal!

First the basic definition of Spyware: It is a type... Read More

Is That Free Stuff Like An iPod Or Desktop Computer Really Free?

Have you seen the web site, www.freestuff.com? Or have you... Read More

Remove Rogue Desktop Icons Created By Spyware

If you have used a Windows machine for a while,... Read More

Arming Yourself Against Spyware

While clicking from site to site on the internet you... Read More

Dont Miss Information Because of Misinformation

It has been said that with the wealth of information,... Read More

Money Mule Email Scam Hits U.S.

Imagine this ? you open up your email box and... Read More

Secure Your PC From Hackers, Viruses, and Trojans

Viruses, Trojans and Spyware: Protecting yourself.No user on the internet... Read More

The Importance of Protecting Your PC from Viruses and Spam

Today the internet is a mine field of malicious code... Read More