NOTE: Why not use our List Manager to crack your lists? Its easy and enables better management.

NOTE: When cracking WPA/WPA2 passwords, make sure you check gpuhash.me first incase it's already been processed.

Home - General Discussion - Ideal spec for brute forcing?


7 Results - Page 1 of 1 -
1
Author Message
Avatar
gddtier

Status: n/a
Joined: Thu, 16 Aug 2012
Posts: 6
Team:
Reputation: 0 Reputation
Offline
Thu, 16 Aug 2012 @ 18:46:15

Simple question, what would a good spec be for optimal md5 brute forcing speed?


Avatar
M@LIK

Status: n/a
Joined: Fri, 02 Mar 2012
Posts: 558
Team:
Reputation: 208 Reputation
Offline
Thu, 16 Aug 2012 @ 18:54:40

Plain MD5s are very fast, any modern GPU or even a high-end CPU would do.
However Brute-force is an old technique, you don't need to brute-force a hash unless you're exhausted on all other attacks.


Avatar
gddtier

Status: n/a
Joined: Thu, 16 Aug 2012
Posts: 6
Team:
Reputation: 0 Reputation
Offline
Thu, 16 Aug 2012 @ 19:00:25

Well specifically the hash:salts I posted in the request section (http://pastebin.com/Kjcamy5A).

I've been brute forcing for the last 3 days and haven't gotten one single result.

I tried a simple dictionary attack with over 21gb of text. I'm just amazed how fast you managed to recover some of those passwords for me.


Avatar
ace10301

Status: n/a
Joined: Wed, 15 Aug 2012
Posts: 3
Team:
Reputation: 0 Reputation
Offline
Thu, 16 Aug 2012 @ 19:21:16

Two things, I also agree, I don't know how you're able to find those passwords that are on no sites.
Also, gddtier, could you share that 21gb file?


Avatar
M@LIK

Status: n/a
Joined: Fri, 02 Mar 2012
Posts: 558
Team:
Reputation: 208 Reputation
Offline
Thu, 16 Aug 2012 @ 19:50:12

gddtier said:

Well specifically the hash:salts I posted in the request section (http://pastebin.com/Kjcamy5A).

I've been brute forcing for the last 3 days and haven't gotten one single result.

I tried a simple dictionary attack with over 21gb of text. I'm just amazed how fast you managed to recover some of those passwords for me.


If that's the case then you were wrong when you started your attack with a bruteforce. Salted hashes are usually slower than plain ones, and brute-forcnig them is just not smart.
Go and grab hashcat: http://hashcat.net/oclhashcat-plus/
Spend the next few days to learn it and you will be able to crack hashes, but remember hash-cracking is an art so it's not totally about GPU power and specs =)


Avatar
Unhash

Status: n/a
Joined: Thu, 16 Aug 2012
Posts: 3
Team:
Reputation: 0 Reputation
Offline
Thu, 16 Aug 2012 @ 21:07:24

See here for a hardware comparison: https://en.bitcoin.it/wiki/Mining_hardware_comparison If a GPU is good for mining bitcoins it's also good for cracking passwords.

Basically pick the most expensive ATI card you can afford.

But, as M@LIK said, you need skill and knowledge, so practice and learn. Not just play with Hashcat but read on the web as there are many papers and articles on rule composing and creating and picking dictionaries and about various attack techniques.
edited by Unhash on 16/08/2012


Avatar
gddtier

Status: n/a
Joined: Thu, 16 Aug 2012
Posts: 6
Team:
Reputation: 0 Reputation
Offline
Fri, 17 Aug 2012 @ 02:12:38

ace10301 said:

Two things, I also agree, I don't know how you're able to find those passwords that are on no sites.
Also, gddtier, could you share that 21gb file?


Search piratebay for "wordlist". I downloaded a bunch of them and combined them into one huge text file that you can't even open with notepad lol.



7 Results - Page 1 of 1 -
1

We have a total of 188977 messages in 23444 topics.
We have a total of 21240 registered users.
Our newest registered member is socomfire.