General Discussion - Tip of the day (113 results, page 4 of 4)
freeroute
Moderator
Status: Trusted
Joined: Sat, 16 Jul 2016
Posts: 3726
Team:
Reputation: 10494 Reputation
Online
Sun, 07 Jul 2019 @ 14:25:42

Recover gpg passphrase using John the Ripper
If you forgot your GPG key passphrase, JTR is able to recover it again.

Here is how: https://paste.hashkiller.co.uk/MjbFZcr9


XMPP: freeroute@xmpp.jp
General rules | Paid section rules

freeroute, Moderator - Mon, 08 Jul 2019 @ 08:18:29

Cracking Passwords & MDXfind (Cyphercon 2.0)
"MDXfind is a program which allows you to run large numbers of unsolved hashes, using many algorithms, against large number of plaintext words, very quickly."- waffle

Features:

- Multi-platform: AIX, ARMv6, ARMv7, ARMv8, FreeBSD 8.1+, Linux (32/64), macOS/OS X, Power8, Windows (32/64)
- Multi-algorithm: Can try 536 different core algorithm combinations/variants as observed in the wild - in parallel in a single job, using Judy arrays
- Multi-iteration: can try thousands of iteration counts of any of these core algorithms - also in a single job (effectively millions of end-result algorithms)
- Efficient handling of very large hashlists (100M+) and large wordlists
- Can handle plaintexts of lengths up to 10,000 characters
- Directory recursion for wordlists
- Can take input from stdin
- Can process lists of hashes with mixed algorithm types (output indicates the algorithm; use mdsplit to separate out into per-algorithm lists)
- Supports simple regex for including and excluding hash types by name
- Ability to skip X words from beginning of a wordlist (can be used for simple distribution of work)
- Support for rotated and truncated hashes
- Real-world transformation automation: email address munging, Unicode expansion, HTML escapes
- Read salts, usernames, suffixes, and/or rules from external files
- Configurable CPU thread count
- Apply multiple rules files (either in series or as dot-product)
- Ability to generate any supported hashes and iteration counts (using -z)

When to use it

- If you have a mix of hash types
- If you're not sure what type of hash you have
- If you have many words to try on many hashes
- On GPU-unfriendly algorithms
- To quickly cull common plains from a very large hashlist
- To quickly process many previous hashlists - with new candidate plaintexts, when new algorithms appear, with new rules, etc.

Source: https://www.techsolvency.com/pub/bin/mdxfind/
HK thread: https://forum.hashkiller.co.uk/topic-view.aspx?t=16325&m=115659

https://youtu.be/JLQAXtV85VY
Duration: 35:34



kevtheskin

Status: Member
Joined: Wed, 21 Feb 2018
Posts: 390
Team:
Reputation: 261 Reputation
Online
Wed, 10 Jul 2019 @ 11:13:52

freeroute said:

Cracking Passwords & MDXfind (Cyphercon 2.0) [...]

Thanks peeps. Could you maybe give a wee example of the syntax please? Cheers, hope you're well. Kev


freeroute, Moderator - Wed, 10 Jul 2019 @ 17:43:19

Unfortunately mdxfind's manual is undocumented. Some basic commands: https://paste.hashkiller.co.uk/dgqnvH54



kevtheskin, Member - Wed, 10 Jul 2019 @ 21:14:38

freeroute said:

Unfortunately mdxfind's manual is undocumented. Some basic commands: https://paste.hashkiller.co.uk/dgqnvH54


Thanks for this. Cheers Kev.


freeroute, Moderator - Mon, 15 Jul 2019 @ 17:03:43

RegEx

Negative look-ahead is denoted (?! ... ).
Example: \d+(?!\.) matches a sequence of digits NOT followed by a decimal point.


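The post's pattern with one caveat worth knowing, as an added example that is not part of the original post: because \d+ backtracks, \d+(?!\.) still reports "12" inside "123.45", so a stricter pattern that also forbids a following digit is shown beside it (the sample strings are constructed).

```python
import re

# Added example: the pattern from the post beside a stricter variant.
POSTED = re.compile(r"\d+(?!\.)")
# Also forbid a following digit, so the engine cannot backtrack to a shorter
# digit run that is followed by another digit rather than by the dot.
STRICT = re.compile(r"\d+(?![\d.])")

def compare(text):
    """Return what each pattern finds in text, so the difference is visible."""
    return {"posted": POSTED.findall(text), "strict": STRICT.findall(text)}

# Constructed samples: the posted pattern gives a surprising "12" on the first one.
SAMPLES = ["123.45", "port 8080", "v2.0 and 17"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), compare(s))
```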

freeroute, Moderator - Mon, 15 Jul 2019 @ 19:27:24

This topic is only indirectly related to hash cracking. However, it is often very helpful: a basic thing every cracker needs to know. It often makes everyday work easier.
Regular expressions: https://www.johndcook.com/blog/2019/06/19/why-regex/



freeroute, Moderator - Fri, 02 Aug 2019 @ 10:15:57

pydictor
A powerful and useful dictionary builder for brute-force attacks.
Compatible with Windows, Linux or Mac.


"You can generate highly customized and complex wordlists by modifying multiple configuration files, adding your own dictionary, using leet mode, filtering by length, char occurrence times, types of different chars, regex, even customizing your own encryption function by modifying the /lib/fun/encode.py test_encode function. It's very relevant to generating good or bad password wordlists with your customized rules and skilled use of pydictor."

Types of generated wordlist (14 types) and descriptions:

1. base - basic wordlist
2. char - custom character wordlist
3. chunk - permutation and combination wordlist
4. conf - wordlist based on a configuration file
5. sedb - social engineering wordlist
6. idcard - ID card last 6/8 char wordlist
7. extend - extend wordlist based on rules
8. scratch - wordlist based on web page keywords
9. passcraper - wordlist against web admins and users
10. handler - handle the input file and generate wordlist
11. uniqifer - unique the input file and generate wordlist
12. counter - word frequency count wordlist
13. combiner - combine the input file and generate wordlist
14. uniqbiner - combine and unique the input file and generate wordlist

Full tutorial
Github link



freeroute, Moderator - Thu, 17 Oct 2019 @ 13:34:52

Sector, October 10, 2019 - Hashes, hashes everywhere, but all I see is plaintext (Will Hunt)

"I will recap traditional cracking techniques before utilising combinator attacks to challenge recent password guidance of passphrases over passwords. I will then focus on more advanced methods, leveraging additional tools to launch attacks such as Fingerprint, PRINCE and Purple Rain. Non-deterministic techniques will be shown that are designed for infinite runtime, resulting in candidate generation that traditional dictionaries and rules would never achieve. An example algorithm will then be targeted that prohibits us from attacking with GPUs, after which the talk will conclude with attacks against non-ASCII characters, utilising hex to attack foreign character passwords."



kevtheskin, Member - Fri, 18 Oct 2019 @ 22:48:03

freeroute said:

Sector, October 10, 2019 - Hashes, hashes everywhere, but all I see is plaintext (Will Hunt) [...]

This was a brilliant presentation. Even I nearly understood it :) Big thanks peeps for posting this. Cheers Kev


freeroute, Moderator - Sun, 20 Oct 2019 @ 12:28:00

Combinator Attack - dictionary combined with dictionary

hashcat attack mode: -a 1

Examples

Download basic wordlists: google-10000-english-usa.txt or google-10000-english.txt and 20k.txt

Link: https://github.com/first20hours/google-10000-english
"This repo contains a list of the 10,000 most common English words in order of frequency, as determined by n-gram frequency analysis of Google's Trillion Word Corpus."

For testing purposes I downloaded a 424 DB collection. It contains 3.2M MD5 hashes from 424 DBs.

Full howto can be read here: https://paste.hashkiller.co.uk/oHDoerm1



freeroute, Moderator - Sun, 20 Oct 2019 @ 14:40:40

Passwords ending with space character:

freeroute@hashcat:~/wordlist_test$ hashcat -O --potfile-disable -w 3 -m 0 -a 0 md5_424dbs-collection_left.txt /usr/share/wordlists/combinator/20k-combined-mid-space -j '$ '

02ed39dbe0d61a668ae349b33a552cdc:be smart
6597263de5f908158ac08d405ff40049:take action
cd4933c964065c2c4d195a39f2c8fec3:fish ka
d8146665c23ad6c127078374ca7af0ce:saint saint
5c358f48ea2f5f596f234584564f5ff4:da cool
331befe7c16fb754cec277f9a167b9d2:broken heart
71c9c5f7173a0b1253165f8256e3fccb:daniel perez
aa7ba0f25a07a182c1b7c9b58adbaf72:sunshine sunshine
351943103d64795aac32c33189b48a52:katy c

freeroute@hashcat:~/wordlist_test$ hashcat -O --potfile-disable -w 3 -m 0 -a 0 md5_424dbs-collection_left.txt /usr/share/wordlists/combinator/20k-combined -j '$ '

5661ea67e136864653c9f946e665f5fb:nisha
4497bd6d95129b3832b6e5d87ad19bbf:nailman
e10ba8fdc68136eb306a665872b99c3f:zenit
442a35ceb3405a085842cf294e3d3be9:syncmaster
3c9cd17f2d62e9810875b5d5282c0c14:jargin
c6f963635f71893fafede1874f257642:leonvet
e8a0d4cb77ab2402925f4f06beb3b3b3:isabelle
3d1bfcbb0d061c7892e4ec404d685665:mugpanel
295f5b0c512166e09bfb7faddfd26f36:france
82366a4df8d54aa8fd96a0356efa06a8:chillout
5c38cc628edca416a63937688a988489:gloriakat
58cae2f763444d7b9fca9a5fe0808916:kika
51d75befd72a4fc1906a6b418792ce56:egomania
54a85edb4ff320b20e91fa716680a6f4:heckfy
746591057ce3fea63123e23042b60177:canescuba
7ee1f36c930c86ddbba3a0dcb0ba788d:elmor
d4f6348790f37b0d1a9cb17e77aa0e08:borisov
e6ff8f1f37fd48a30e57b554f4e61023:stairway
7d33099d1b32ea88d44eb38f4db6992a:hannah
...

Passwords ending with the "!" character:
freeroute@hashcat:~/wordlist_test$ hashcat -O --potfile-disable -w 3 -m 0 -a 0 md5_424dbs-collection_left.txt /usr/share/wordlists/combinator/20k-combined -j '$!'

b4e9b6254b4fc3795526dfa73a767886:bananas!
a10dc5565e59a1fc11ce8900f3d92882:glowstick!
5da1df5e745e7def52c2df015b0b9d59:daisydog!
77ec58b4f64b3b8b4dbd159db27922dc:gingersnap!
d6d2eac68806138300a2b8c6b825dd68:skaters!
be7d5235d98d38a12457e96bd0ed728e:puppiesrock!
58ef8b86a694a08b196969811967babb:trojans!
9124bdf13f9a6d1ccf1771b6e50b5f1e:freestylemc!
ab1f585d61b87862c0f9417e5f579d70:papaya!
bc645e73017a27eb806e8cd3c8a91657:cubsfan!
39859ecf64bb665b128ae826278ac1ab:cheerios!
9057d8af591d5fcd2291ab8dd01ddee7:peanuts!
9d675e430335368b75a108410fd63f75:edina!
324eaf25dbfc85e3d7879c867bf366d7:idaho!
a11e36dac1adbe5394cb9406627f2f70:cooper!
3bc7b9bef3926f3b0907ad7f7646ade3:spider!
c3ce3187fe3e3421697c23d21ba72cb0:montana!
3e7197ecea90b6c3fab7a21414196ac0:snoopy!

freeroute@hashcat:~/wordlist_test$ hashcat -O --potfile-disable -w 3 -m 0 -a 0 md5_424dbs-collection_left.txt /usr/share/wordlists/combinator/20k-combined-mid-space -j '$!'

Found only 1 hash: c8a5a79c6bebd53b2c32418dedc0083f:truck yeah!



freeroute, Moderator - Tue, 29 Oct 2019 @ 08:21:02

Fingerprint Attack method step-by-step

Main steps:

1. Expand previously cracked passwords
2. Combine the resulting file with itself
3. Expand your wordlist
4. Repeat the last 2 steps again and again

First install hashcat-utils.
Documentation: https://hashcat.net/wiki/doku.php?id=hashcat_utils

We will need the "Expander" from the hashcat-utils - this program is the heart of the Fingerprint Attack.
Each word going into STDIN is parsed and split into all its single chars, mutated and reconstructed and then sent to STDOUT.
Important: make sure you unique the output afterwards (always use the command "sort -u").

I recommend recompiling the source file expander.c with these parameters, because the default value is (#define LEN_MAX 4).

#define LEN_MIN 1
#define LEN_MAX 8

Full article can be read here: https://paste.hashkiller.co.uk/r7pQNAWn


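A model of the expand/combine loop described in the post, added here as an example (it is not the hashcat-utils code): the expander step is assumed to produce every contiguous substring of length LEN_MIN..LEN_MAX of each cracked plain, which is a simplification of what expander.c emits, and the sample plains and wordlist are constructed. It lets you see how fast one round grows before running the real tools against an audit set.

```python
from itertools import product

LEN_MIN = 1
LEN_MAX = 8  # the post recommends raising this from the default of 4

def expand(words, len_min=LEN_MIN, len_max=LEN_MAX):
    """Modelled expander step: every contiguous substring of each word whose
    length lies in [len_min, len_max], returned unique and sorted (the
    "sort -u" the post insists on). Assumption: the real expander.c emits
    further mutations beyond plain substrings."""
    pieces = set()
    for w in words:
        for length in range(len_min, min(len_max, len(w)) + 1):
            for start in range(len(w) - length + 1):
                pieces.add(w[start:start + length])
    return sorted(pieces)

def combine_self(fragments):
    """Combinator of the fragment list with itself (hashcat -a 1 frags frags)."""
    return sorted({a + b for a, b in product(fragments, repeat=2)})

def fingerprint_round(cracked, wordlist):
    """One round of the loop: expand the cracked plains, combine the result with
    itself, keep only candidates the wordlist does not already contain."""
    known = set(wordlist)
    return [c for c in combine_self(expand(cracked)) if c not in known]

# Constructed sample: two "previously cracked" plains and a tiny wordlist.
CRACKED = ["pass12", "word!"]
WORDLIST = ["pass12", "word!", "password"]

if __name__ == "__main__":
    frags = expand(CRACKED)
    print(len(frags), "fragments, e.g.", frags[:5])
    print(len(fingerprint_round(CRACKED, WORDLIST)), "new candidates after one round")
```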

freeroute, Moderator - Thu, 31 Oct 2019 @ 11:03:34

Dedupe massive wordlists without changing order

"The duplicut tool finds and removes duplicate entries from a wordlist, without changing the order, and without getting OOM on huge wordlists whose size exceeds available memory. ... [W]ritten in C, and optimized to be as fast and memory frugal as possible."

Refreshingly simple installation and syntax:
make release
./duplicut WORDLIST_WITH_DUPLICATES -o NEW_CLEAN_WORDLIST



Savestatus

Status: n/a
Joined: Fri, 01 Nov 2019
Posts: 1
Team:
Reputation: 0 Reputation
Offline
Mon, 04 Nov 2019 @ 15:50:31

Actually Hashcat has a stdout mode in which it dumps out password candidates to stdout for whichever password list you specify, with rules applied to the candidates.

So you can make a very simple script that reads from stdin with one if statement to check if the candidate is the password you're looking for.

And then just pipe hashcat's stdout to the script.

Using rules on WPA seems like a crazy idea though, on slow algorithms plain wordlists are king.

You know what I'm talking about


freeroute, Moderator - Wed, 27 Nov 2019 @ 09:07:29

"Want to make a password cracker angry, set your pw generator to use only hex chars, 0-9 and a-f, set it to 32 characters long and take the output and wrap it in

$HEX[]

Even when it's cracked and winds up in word lists hashcat will think it's an encoded plain and break workflows"

Source: https://twitter.com/Evil_Mog/status/1199403258499850240?s=09


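What the quoted tweet means in practice, as an added example that is neither hashcat's code nor the tweet's: a reader of potfiles and wordlists treats a field of the form $HEX[...] as hex-encoded bytes, so a literal password of that shape decodes to something else, and a round-trip safe writer has to re-wrap it (the encode policy and the TRAP value are constructed assumptions).

```python
import re

# Added example: how a potfile/wordlist consumer interprets $HEX[...] plains,
# and why a literal password of that shape is read as encoded bytes instead.
HEX_RE = re.compile(r"^\$HEX\[([0-9a-fA-F]*)\]$")

def decode_plain(field: str) -> bytes:
    """Interpret one plain the way hashcat-style tooling does: a field of the
    form $HEX[hex] is hex-decoded; anything else is taken literally."""
    m = HEX_RE.match(field)
    if m and len(m.group(1)) % 2 == 0:
        return bytes.fromhex(m.group(1))
    return field.encode("utf-8")

def encode_plain(plain: bytes) -> str:
    """Round-trip safe writer (assumed policy, modelled on hashcat's use of
    $HEX[] for non-printable plains): emit the raw text only if it is printable
    ASCII and does not itself look like a $HEX[] wrapper."""
    if plain and all(32 <= b < 127 for b in plain):
        text = plain.decode("ascii")
        if not HEX_RE.match(text):
            return text
    return "$HEX[" + plain.hex() + "]"

def round_trips(plain: bytes) -> bool:
    """True when writing and re-reading the plain gives back the same bytes."""
    return decode_plain(encode_plain(plain)) == plain

# Constructed: a 32-hex-char generated password wrapped exactly as the tweet suggests.
TRAP = "$HEX[0123456789abcdef0123456789abcdef]"

if __name__ == "__main__":
    print("naive read gives", len(decode_plain(TRAP)), "bytes, not", len(TRAP), "chars")
    print("safe form:", encode_plain(TRAP.encode()))
```

The trap decodes to 16 raw bytes rather than the 38-character literal, so any workflow that stores such a plain must write it through encode_plain to keep it intact.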

freeroute, Moderator - Fri, 29 Nov 2019 @ 12:24:27

Differences Between Fast Hashes and Slow Hashes

"Two Basic Hash Types

- Fast Hashes
- Slow Hashes

Fast hashes are typically cryptographic hashes. These hashes have several design requirements, one of which is that they must be easy to compute. In
other words, they must be fast and efficient to calculate. Why would their designers want them to be fast?

The main reason for the efficiency requirement is that cryptographic hashes are used for such things as message authentication codes (MACs), digital signatures, and other authentication systems as well as for checksums to ensure data integrity during file transfers, etc. For these reasons (and several others) software and hardware that calculate these hashes must be able to do so very quickly with almost no noticeable latency to the end-users of these systems. The faster they are, the better. Some examples of fast hashes include (but are not limited to) MD4, MD5 and SHA-1. These hashes are used extensively by many software and hardware systems and are in general very common.

One advantage to fast hashes is that they are very portable and can be found in programming libraries for most every major programming language. Thus, developers using PHP, C++, Java, C, Ruby, etc. can easily use a fast hash such as MD5 to store user passwords. And, if the developers switch from one language to another, they can do so with the knowledge that MD5 is just a library call away.

Slow hashes, on the other hand, have different design goals. They are expected to be copied and subsequently attacked by crackers. Thus, they are designed to be inefficient and more difficult to calculate. Some examples of these slow hashes are bcrypt, PBKDF2 and scrypt. Also, slow hashes are not as widely available and not as simple to implement as fast hashes"

Source: https://openwall.info/wiki/john/essays/fast-and-slow-hashes



freeroute, Moderator - Fri, 29 Nov 2019 @ 13:26:04

A good way to test your own wordlists is to run them against the database of wpa-sec:
https://wpa-sec.stanev.org/?nets

It is very simple:
1. Download help_crack.py from here: https://wpa-sec.stanev.org/hc/help_crack.py
2. Add the wordlist to the command line and run the script

for example:
$ ./help_crack.py -dc 1 -cd testwordlist -pot results.potfile
Finds are stored in results.potfile

help_crack.py help: https://paste.hashkiller.co.uk/wJR3AD34



freeroute, Moderator - 4 days ago

A great set of wordlists and weak passwords:

- http://weakpass.com
- http://hashes.org
- http://github.com/danielmiessler/SecLists …
- http://github.com/berzerk0/Probable-Wordlists …
- http://github.com/insidetrust/statistically-likely-usernames …

Source: https://twitter.com/trimstray/status/1201777361882173440



freeroute, Moderator - 3 days ago

KoreLogicRulesAppendNumbers_and_Specials_Simple rule

Advice for John the Ripper's users: "This rule is a "catch all" for the most common patterns for appending numbers and/or specials to the end of a word. Use this rule _first_ before attempting other rules that use special characters."



freeroute, Moderator - 2 days ago

jtr offers some nice features, which hashcat doesn't have:

on a pcapng file, do:

$ hcxpcaptool --ignore-fake-frames --ignore-zeroed-pmks --ignore-replaycount -j new.john -z new.john *.pcapng
$ sort new.john | uniq > newsort.john
$ john --single:all --format=wpapsk-opencl --pot=john.wpa.pot newsort.john

john 1.9.0.jumbo required!



freeroute, Moderator - 2 days ago

Found a new NETGEAR noun (pant):

a89a93927866:d868c30ce387:MySpectrumWiFi60-2G:pinkpant930

and pushed an hcxpsktool update

pant is now confirmed - and the combination of hcxpsktool --- JtR is working like a charm

$ hcxpsktool --netgear | grep pant | john --stdin --format=wpapsk-opencl --pot=$HOME/WLAN/Potfiles/john.wpa.pot test.john
no hashes loaded
Device 1@tux1: GeForce GTX 1080 Ti
Using default input encoding: UTF-8
Loaded 3046 password hashes with 3028 different salts (wpapsk-opencl, WPA/WPA2/PMF/PMKID PSK [PBKDF2-SHA1 OpenCL])
Cost 1 (key version [0:PMKID 1:WPA 2:WPA2 3:802.11w]) is 0 for all loaded hashes
Note: Minimum length forced to 2 by format
Press Ctrl-C to abort, or send SIGUSR1 to john process for status
Warning: Only 188700 candidates left, minimum 917504 needed for performance.
pinkpant930 (MySpectrumWiFi60-2G)
smartpant639 (?)
smartpant639 (?)
smartpant639 (?)
pinkpant829 (?)
pinkpant829 (?)
widepant953 (?)
...

Thanks to @ZeroBeat for sharing this information.



xut

Status: n/a
Joined: Sat, 18 May 2019
Posts: 224
Team:
Reputation: 104 Reputation
Online
2 days ago


CVE-2019-18396 - Command Injection in Technicolor router

https://medium.com/@c4pt41nnn/cve-2019-18396-command-injection-in-technicolor-router-da5dd2134052


