February 5th, 2011 by admin in cracking, Linux

MAPDAV is designed to use what is known about a user or users (ex, username, first name, middle name, last name, etc) on a unix/linux system from a /etc/passwd file and tries to come up with probable combinations that could be the user’s password. An administrator could run the output through a cracker and see if their user’s passwords are anything easy to guess.

For example, if we had a passwd file entery such as:
chrisa:x:107:102:Chris Anderson:/home/chrisa:/usr/bin/bash

We could have MAPDAV derrive some possible passwords, such as chrisa, chrisanderson, andersonchris, canderson, ChrisAnderson, Anderson Chris, CHRIS, plus any other combinations you entered. It has quite a few other features you can use to modify the output to have arbitrary characters, be in reverse, and other useful things.

Out of a sample of 30192 users, MAPDAV 1.0p8 cracked 4.7% of the passwords on the default settings, 1.2% of which were NOT the same user/pass. This combind with a good conventional wordlist could give good crack results.

More info:

Leave a reply