freeroute
Moderator
Status: Trusted
Joined: Sat, 16 Jul 2016
Posts: 3594
Team:
Reputation: 10311 Reputation
Online
Sun, 07 Jul 2019 @ 14:25:42

Recover gpg passphrase using John the Ripper
If you forgot your GPG key passphrase, JTR is able to recover it again.

Here is how: https://paste.hashkiller.co.uk/MjbFZcr9


XMPP: freeroute@xmpp.jp
General rules | Paid section rules

freeroute
Mon, 08 Jul 2019 @ 08:18:29

Cracking Passwords & MDXfind (Cyphercon 2.0)
"MDXfind is a program which allows you to run large numbers of unsolved hashes, using many algorithms, against large number of plaintext words, very quickly."- waffle

Features:

- Multi-platform: AIX, ARMv6, ARMv7, ARMv8, FreeBSD 8.1+, Linux (32/64), macOS/OS X, Power8, Windows (32/64)
- Multi-algorithm: Can try 536 different core algorithm combinations/variants as observed in the wild - in parallel in a single job, using Judy arrays
- Multi-iteration: can try thousands of iteration counts of any of these core algorithms - also in a single job (effectively millions of end-result algorithms)
- Efficient handling of very large hashlists (100M+) and large wordlists
- Can handle plaintexts of lengths up to 10,000 characters
- Directory recursion for wordlists
- Can take input from stdin
- Can process lists of hashes with mixed algorithms types (output indicates the algorithm; use mdsplit to separate out into per-algorithm lists)
- Supports simple regex for including and excluding hash types by name
- Ability to skip X words from beginning of a wordlist (can be used for simple distribution of work)
- Support for rotated and truncated hashes
- Real-world transformation automation: email address munging, Unicode expansion, HTML escapes
- Read salts, usernames, suffixes, and/or rules from external files
- Configurable CPU thread count
- Apply multiple rules files (either in series or as dot-product)
- Ability to generate any supported hashes and iteration counts (using -z)

When to use it

- If you have a mix of hash types
- If you're not sure what type of hash you have
- If you have many words to try on many hashes
- On GPU-unfriendly algorithms
- To quickly cull common plains from a very large hashlist
- To quickly process many previous hashlists - with new candidate plaintexts, when new algorithms appear, with new rules, etc.

Source: https://www.techsolvency.com/pub/bin/mdxfind/
HK thread: https://forum.hashkiller.co.uk/topic-view.aspx?t=16325&m=115659

https://youtu.be/JLQAXtV85VY
Duration: 35:34


kevtheskin

Status: Member
Joined: Wed, 21 Feb 2018
Posts: 365
Team:
Reputation: 238 Reputation
Offline
Wed, 10 Jul 2019 @ 11:13:52

Thanks peeps. Could you maybe give a wee example of the syntax please? Cheers, hope you're well. Kev


freeroute
Wed, 10 Jul 2019 @ 17:43:19

Unfortunately mdxfind's manual is undocumented. Some basic commands: https://paste.hashkiller.co.uk/dgqnvH54


kevtheskin
Wed, 10 Jul 2019 @ 21:14:38

freeroute said:

Unfortunately mdxfind's manual is undocumented. Some basic commands: https://paste.hashkiller.co.uk/dgqnvH54


Thanks for this. Cheers Kev.


freeroute
Mon, 15 Jul 2019 @ 17:03:43

RegEx

Negative look-ahead is denoted (?! ... ).
Example: \d+(?!\.) matches a sequence of digits NOT followed by a decimal point.


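The look-ahead from the post above, run over a few constructed strings (an added example, not part of the original post). It shows that backtracking lets `\d+(?!\.)` match a shortened run such as "12" in "123.45"; the `STRICT` and `WHOLE` patterns are assumptions added here to show tighter variants.

```python
import re

# Pattern exactly as given in the post.
POST = re.compile(r"\d+(?!\.)")
# Assumption: also forbid a digit after the match, so the engine cannot
# satisfy the look-ahead by giving back the last digit of the run.
STRICT = re.compile(r"\d+(?![\d.])")
# Assumption: additionally forbid a digit or dot before the match, so the
# fractional part of a decimal is not reported either.
WHOLE = re.compile(r"(?<![\d.])\d+(?![\d.])")

# Constructed sample inputs.
SAMPLES = ["build 42", "v3.14", "123.45", "port 8080."]


def compare(samples=SAMPLES):
    """Return {text: (POST matches, STRICT matches, WHOLE matches)}."""
    return {
        s: (POST.findall(s), STRICT.findall(s), WHOLE.findall(s))
        for s in samples
    }


if __name__ == "__main__":
    for text, (post, strict, whole) in compare().items():
        print(f"{text!r:14} post={post} strict={strict} whole={whole}")
```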

freeroute
Mon, 15 Jul 2019 @ 19:27:24

This topic is only indirectly related to hash cracking. However, it is often very helpful. Basic thing. Every cracker needs to know. It often makes everyday work easier.
Regular expressions: https://www.johndcook.com/blog/2019/06/19/why-regex/


freeroute
Fri, 02 Aug 2019 @ 10:15:57

pydictor
A powerful and useful dictionary builder for a brute-force attack
Compatible with OS Windows, Linux or Mac.


"You can generate highly customized and complex wordlist by modify multiple configuration files, add your own dictionary, using leet mode, filter by length, char occur times, types of different char, regex, even customized own encryption function by modify /lib/fun/encode.py test_encode function. It's very relevant to generate good or bad password wordlist with your customized rules and skilled use of pydictor."

types of generate wordlist (14 types) and descriptions

type         number  description
base         1       basic wordlist
char         2       custom character wordlist
chunk        3       permutation and combination wordlist
conf         4       based on configuration file wordlist
sedb         5       social engineering wordlist
idcard       6       id card last 6/8 char wordlist
extend       7       extend wordlist based on rules
scratch      8       wordlist based on web pages keywords
passcraper   9       wordlist against to web admin and users
handler      10      handle the input file generate wordlist
uniqifer     11      unique the input file and generate wordlist
counter      12      word frequency count wordlist
combiner     13      combine the input file generate wordlist
uniqbiner    14      combine and unique the input file generate wordlist

Full tutorial
Github link


freeroute
Thu, 17 Oct 2019 @ 13:34:52

Sector, October 10, 2019 - Hashes, hashes everywhere, but all I see is plaintext (Will Hunt)

"I will recap traditional cracking techniques before utilising combinator attacks to challenge recent password guidance of passphrases over passwords. I will then focus on more advanced methods, leveraging additional tools to launch attacks such as Fingerprint, PRINCE and Purple Rain. Non-deterministic techniques will be shown that are designed for infinite runtime, resulting in candidate generation that traditional dictionaries and rules would never achieve. An example algorithm will then be targeted that prohibits us from attacking with GPUs, after which the talk will conclude with attacks against non-ASCII characters, utilising hex to attack foreign character passwords."


kevtheskin
Fri, 18 Oct 2019 @ 22:48:03

This was a brilliant presentation. Even I nearly understood it. Big thanks peeps for posting this. Cheers Kev


freeroute
Sun, 20 Oct 2019 @ 12:28:00

Combinator Attack - dictionary combined with dictionary

hashcat attack mode: -a 1

Examples

Download basic wordlists: google-10000-english-usa.txt or google-10000-english.txt and 20k.txt

Link: https://github.com/first20hours/google-10000-english
"This repo contains a list of the 10,000 most common English words in order of frequency, as determined by n-gram frequency analysis of the Google's Trillion Word Corpus."

For testing purposes I downloaded a 424 DB collection. It contains 3.2M MD5 hashes from 424 DBs.

Full howto can be read here: https://paste.hashkiller.co.uk/oHDoerm1


freeroute
Sun, 20 Oct 2019 @ 14:40:40

Passwords ending with space character:

freeroute@hashcat:~/wordlist_test$ hashcat -O --potfile-disable -w 3 -m 0 -a 0 md5_424dbs-collection_left.txt /usr/share/wordlists/combinator/20k-combined-mid-space -j '$ '


freeroute@hashcat:~/wordlist_test$ hashcat -O --potfile-disable -w 3 -m 0 -a 0 md5_424dbs-collection_left.txt /usr/share/wordlists/combinator/20k-combined -j '$ '


Passwords ending with "!" character:
freeroute@hashcat:~/wordlist_test$ hashcat -O --potfile-disable -w 3 -m 0 -a 0 md5_424dbs-collection_left.txt /usr/share/wordlists/combinator/20k-combined -j '$!'


freeroute@hashcat:~/wordlist_test$ hashcat -O --potfile-disable -w 3 -m 0 -a 0 md5_424dbs-collection_left.txt /usr/share/wordlists/combinator/20k-combined-mid-space -j '$!'

Found only 1 hash: c8a5a79c6bebd53b2c32418dedc0083f:truck yeah!


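The commands above try two-word combinations with a trailing space or "!" appended. As an added example (not from the original posts), this Python check flags passwords of that shape when they are being set and sizes the candidate space; the word set is constructed, and `combinator_guessable` and `keyspace` are hypothetical names.

```python
# Constructed sample dictionary; a real check would load the 10k/20k
# word lists mentioned in the thread.
WORDS = {"truck", "yeah", "broken", "heart", "take", "action", "horse"}


def combinator_guessable(password, words=WORDS,
                         separators=("", " "), suffixes=("", " ", "!")):
    """Return (left, sep, right, suffix) if password has the shape
    word + separator + word + suffix, otherwise None."""
    for suffix in suffixes:
        if not password.endswith(suffix):
            continue
        core = password[:len(password) - len(suffix)]
        # Try every split point; the left part must be a dictionary word.
        for i in range(1, len(core)):
            left, rest = core[:i], core[i:]
            if left not in words:
                continue
            for sep in separators:
                right = rest[len(sep):]
                if rest.startswith(sep) and right in words:
                    return (left, sep, right, suffix)
    return None


def keyspace(n_words, n_separators=2, n_suffixes=3):
    """Number of candidates for word+sep+word+suffix over one wordlist."""
    return n_words ** 2 * n_separators * n_suffixes


if __name__ == "__main__":
    for pw in ["truck yeah!", "brokenheart ", "Tr0ub4dor&3"]:
        print(repr(pw), "->", combinator_guessable(pw))
    print("candidates for a 20,000-word list:", keyspace(20_000))
```

A 20,000-word list gives 2.4 billion candidates for this shape, a small number for a fast hash such as unsalted MD5.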

freeroute
Tue, 29 Oct 2019 @ 08:21:02

Fingerprint Attack method step-by-step

Main steps:

- Expand previously cracked passwords
- Combine the resulting file with itself
- Expand your wordlist
- Repeat and repeat the last 2 steps again

First install hashcat-utils.
Documentation: https://hashcat.net/wiki/doku.php?id=hashcat_utils

We will need the "Expander" from the hashcat-utils - this program is the heart of the Fingerprint Attack.
Each word going into STDIN is parsed and split into all its single chars, mutated and reconstructed and then sent to STDOUT.
Important: make sure you unique the output afterwards (always use the command "sort -u").

I recommend recompiling the source file expander.c with this parameter, because the default value is (#define LEN_MAX 4).

#define LEN_MIN 1
#define LEN_MAX 8

Full article can be read here: https://paste.hashkiller.co.uk/r7pQNAWn


freeroute
Thu, 31 Oct 2019 @ 11:03:34

Dedupe massive wordlists without changing order

"The duplicut tool finds and removes duplicate entries from a wordlist, without changing the order, and without getting OOM on huge wordlists whose size exceeds available memory. ... [W]ritten in C, and optimized to be as fast and memory frugal as possible."

Refreshingly simple installation and syntax:
make release
./duplicut WORDLIST_WITH_DUPLICATES -o NEW_CLEAN_WORDLIST


Savestatus

Status: n/a
Joined: Fri, 01 Nov 2019
Posts: 1
Team:
Reputation: 0 Reputation
Offline
Mon, 04 Nov 2019 @ 15:50:31

Actually Hashcat has an stdout mode in which it dumps out password candidates to stdout for whichever password list you specify with rules applied to the candidates.

So you can make a very simple script that reads from stdin with one if statement to check if the candidate is the password you're looking for

And then just pipe hashcat's stdout to the script.

Using rules on WPA seems like a crazy idea though, on slow algorithms plain wordlists are king.

You know what I'm talking about
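One way to write the script described in the post above, as an added example (not Savestatus's code): it reads candidates from stdin and reports the guess number at which each password of interest first appears. It strips only the line ending, so candidates that end in a space survive; `first_hits` and the file name `check_candidates.py` are hypothetical.

```python
import sys

# Usage (file names are placeholders):
#   hashcat --stdout wordlist.txt -r rules.rule | \
#       python3 check_candidates.py 'take action ' 'Password1'


def first_hits(candidates, targets):
    """Return {target: 1-based guess number} for targets seen in the stream.

    candidates: iterable of bytes lines, as read from sys.stdin.buffer
    targets:    iterable of bytes passwords to look for
    """
    remaining = set(targets)
    hits = {}
    for n, raw in enumerate(candidates, start=1):
        # Strip only CR/LF. A plain .strip() would also remove a trailing
        # space and silently miss passwords that end in one.
        cand = raw.rstrip(b"\r\n")
        if cand in remaining:
            hits[cand] = n
            remaining.discard(cand)
            if not remaining:
                break  # every target found, stop reading
    return hits


if __name__ == "__main__":
    # Work on bytes so non-UTF-8 candidates do not raise decode errors.
    wanted = [arg.encode() for arg in sys.argv[1:]]
    found = first_hits(sys.stdin.buffer, wanted)
    for pw in wanted:
        if pw in found:
            print(f"{pw!r}: generated as candidate #{found[pw]}")
        else:
            print(f"{pw!r}: not generated by this wordlist/rule set")
```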


