[joomla] Test your passwords

Gary Mort garyamort at gmail.com
Fri Jul 6 14:38:21 EDT 2012


Think your Joomla! password is secure? Here is a simple test [assuming it
is under 15 characters long].

Go to http://hashcat.net/hashcat-gui/ and download hashcat-gui for your
operating system.

To check just YOUR password, run the GUI, use either plus or lite, and
enter your password hash [from the database] in the field. Select the
Joomla hash type, and then go ahead and run the cracker. See how long it
takes to figure out your password.

If you're using a dictionary method, you'll need one or more wordlists; you
can get some dictionaries from
http://www.skullsecurity.org/wiki/index.php/Passwords

If you have a website with lots of users that you want to check, instead
you can run:
select `password` from #__users [replace #__ with your prefix. :-)]
and export the list to a text file to give to oclhashplus.

Most password crackers around are limited to passwords of less than 16
chars [because beyond that, the algorithms change for efficient lookups],
so while making your own passwords greater than 16 chars doesn't mean
instant security, it does mean that it is beyond the scope of script
kiddies who just download crackers from the internet and don't know how to
write their own.
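
Added example, not part of the original post: the same self-audit done in a few lines of Python, flagging rows of your own exported `password` column whose password appears in a wordlist so those accounts can be forced to reset. It assumes the legacy Joomla storage format `md5(password + salt):salt`; the function names, wordlist and hashes are hypothetical and constructed for the example.

```python
import hashlib


def joomla_hash(password: str, salt: str) -> str:
    """Build a stored value in the ASSUMED legacy format md5(password + salt):salt."""
    digest = hashlib.md5((password + salt).encode("utf-8")).hexdigest()
    return f"{digest}:{salt}"


def audit_hashes(stored_values, wordlist):
    """Return {row_number: matching_word} for stored hashes the wordlist recovers."""
    weak = {}
    for row, stored in enumerate(stored_values, start=1):
        digest, sep, salt = stored.strip().partition(":")
        if not sep or len(digest) != 32:
            continue  # not the assumed hash:salt format; skip rather than guess
        for word in wordlist:
            candidate = hashlib.md5((word + salt).encode("utf-8")).hexdigest()
            if candidate == digest.lower():
                weak[row] = word
                break
    return weak


# Constructed sample data: a tiny wordlist and a three-row "export".
SAMPLE_WORDLIST = ["password", "letmein", "joomla123"]
SAMPLE_EXPORT = [
    joomla_hash("letmein", "Qk3vT9xWm2LpR7sZ"),
    joomla_hash("c0rrect-h0rse-battery-staple-2012", "aB8dE1fG4hJ7kL0m"),
    "not-a-joomla-hash",
]

if __name__ == "__main__":
    # Report only the row, not the recovered password.
    for row in audit_hashes(SAMPLE_EXPORT, SAMPLE_WORDLIST):
        print(f"row {row}: password is in the wordlist, force a reset")
```

Because each row carries its own salt, every wordlist entry has to be re-hashed per row, which is why the audit time grows with both the number of users and the size of the wordlist.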