Yorn
Okay. I don't ask many questions on here, in fact, I usually answer them or try my best to offer suggestions/help. I'm hoping that someone here has the knowledge now to help me out.

Basically, on the website that I help maintain and helped create, we have a set of login features using PHP and MySQL so other employees can make updates and set dates. We aren't using PHPNuke or any other public or open source CMS, but we know that there will always be the danger of XSS and SQL injections.

Essentially, I've been given the task (kind of put on myself) to identify any possible issues and problems we may have. For possible XSS vulnerabilities, I have created a PHP function that is used on incoming data and parsed for quotes and other items that might allow SQL injection or JavaScript to get posted in an XSS attempt to get a cookie.

I still don't, however, have a good way to audit our web passwords. Since we are transmitting the data internally and using SSL, we're okay from that angle. We are not okay from the auditing angle. There are several employees that use alpha passwords only, and it's incumbent upon me to audit for any possible alpha passwords in the case that someone were to run a dictionary scan or create MD5 rainbow tables.

The only problem I've hit is that I don't know how to run a dictionary MD5 scan. I know how to generate the MD5 tables, but I was wondering if anyone would be willing to send me a compressed copy of the tables over the course of a couple nights. I'm willing to be reasonable in this matter. I do not need alphanumeric tables, just alpha MD5 tables. If you think you could help me out, I'd greatly appreciate it.

Otherwise, I'm still looking for a good MD5 cracker that uses a dictionary. I've almost hit the point that I'm planning on maybe creating my own PERL script then converting it to an EXE so I can do this on my own. I'll still need those alpha tables, however. And yes, I can generate them on my own, but I'm working on MD5 alphanumerics at the moment in an attempt to justify upping requirements on password settings higher. In the meantime I'd like to get my hands on some alpha tables.

Lastly, if you have created MD5 alpha tables, and know how long it takes to do so on, say, a 1 GHz machine, I'd appreciate getting that info too. Thanks.
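A dictionary check of the kind this post asks about, as an added example that is not part of the original thread: it hashes alpha-only wordlist entries with MD5 and reports which of the site's own accounts match, without returning the matching word. The account names, digests and wordlist are constructed sample data, and storage as unsalted hex MD5 is an assumption.

```python
import hashlib
import string

# Constructed sample data: account name -> unsalted MD5 hex digest, as the
# audit would read it from the site's own user table (assumed layout).
SAMPLE_USERS = {
    "alice": hashlib.md5(b"sunshine").hexdigest(),
    "bob": hashlib.md5(b"Tr4il-m1x!92").hexdigest(),
    "carol": hashlib.md5(b"Dragon").hexdigest(),
}
# Constructed wordlist; a real audit would stream a dictionary file.
SAMPLE_WORDS = ["password", "sunshine", "dragon", "letmein"]


def candidates(word):
    """Yield the case variants an alpha-only password commonly takes."""
    word = word.strip()
    if word and all(c in string.ascii_letters for c in word):
        yield from {word.lower(), word.upper(), word.capitalize()}


def audit(users, words):
    """Return sorted account names whose digest matches a dictionary word.

    The matching word is deliberately not returned or logged: the audit
    only needs to know which accounts must change their password.
    """
    by_hash = {}
    for user, digest in users.items():
        # Several accounts can share one digest when nothing is salted.
        by_hash.setdefault(digest.lower(), []).append(user)
    weak = set()
    for word in words:
        for cand in candidates(word):
            digest = hashlib.md5(cand.encode("utf-8")).hexdigest()
            weak.update(by_hash.get(digest, ()))
    return sorted(weak)


if __name__ == "__main__":
    for name in audit(SAMPLE_USERS, SAMPLE_WORDS):
        print(f"{name}: alpha-only dictionary password, force a reset")
```

The list of flagged accounts is the evidence for raising the password requirements; the digests themselves never need to leave the database host.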
w00dy
http://www.governmentsecurity.org/forum/in...=30&#entry42291

In that thread there is also a rainbow table calculator to see about how long it will take to generate tables, as well as some syntax to use when creating them.
Yorn
w00dy,

That's nice, but it's not MD5 rainbow tables. It's the MD5 checksum of completed rainbow tables for the LM hash. It's nice and useful, but not exactly what I'm looking for. Thanks for the link though.
nulladd
Here are reviews of brute-forcing programs, and almost all support MD5. I would recommend KMD5 for you (read the rest on the site).
If you have any questions regarding them, post them here.
nulladd
QUOTE (Yorn @ Feb 7 2004, 03:01 PM)
That's nice, but it's not MD5 rainbow tables. It's the MD5 checksum of completed rainbow tables for the LM hash

Um, please tell me what you mean. Where in the calculator did you get "checksum" and "LM hash" from?
limbox
Thanks a lot for the link, nulladd - that's a really cool website.