news appeared on the 15th feb 2011 the famous www.rootkit.com (HBGary)
attacked and all the data in its mysql db and emails were stolen and
posted online. Being a huge fan of the book Rootkits: subverting the
windows kernel by Hoguland and Butler, I was an active member of the
had published the username and password of all accounts in clear text
(And yes mine toooo!!). As many users are in a habit of keeping the
same password for all accounts like their mail or facebook etc, this
posed a great risk.
stating that it has the potential to compromise people’s social
networking or mailing accounts. But the download to the backup of the
mysql db still is available at : http://stfu.cc/rootkit_com_mysqlbackup_02_06_11.gz.
Moreover, the password field in the database is hashed.
The hash used is a vulnerable MD5 hash which can be broken given JTR
has the right dictionary (http://dazzlepod.com/site_media/txt/passwords.txt).
- Step 1: Download backup, JTR, dictionary (john is in synaptic for
- Step 2: Extract the .gz file and open the extracted file as text,
search for your login name and get your password’s hash (I used nano to
open the file and searched for my login name. Hash is the field next to
your login name). Note only the first occurence of your username as
rest may be entries for comments and other stuff.
- Step 3: Create a text file test.txt with content
“mypassword:<hash>” without the “” and replace <hash> with
the hash you found in step 2.
- Step 4: Open terminal and ask jtr to do its magic using the
following command :
-wordlist=passwords.txt -format=raw-MD5 test.txt
password. Am thinking of increasing my password strength….
your password for all site accounts that have the same password. Go Go
of someone to post such stuff online and posing a threat to other
sites.However, It is our duty to stay vigilant enough and act on it as soon as possible. I am also the kind of person who likes to keep one password for
all accounts (I know its not recommended but its just easier this way)
and hence had to go through a lot of settings and change
password pages. Thankfully, none of my accounts were compromised before
I changed my password. Hope it is the same for you.:)