NEW: We have a Discord server now. Click here to go there now!

NOTE: Why not use our List Manager to crack your lists? Its easy and enables better management.

NOTE: When cracking WPA/WPA2 passwords, make sure you check gpuhash.me first incase it's already been processed.

Home - General Discussion - Tip of the day


118 Results - Page 3 of 4 -
1 2 3 4
Author Message
Avatar
kevtheskin

Status: Member
Joined: Wed, 21 Feb 2018
Posts: 391
Team:
Reputation: 261 Reputation
Online
Mon, 18 Feb 2019 @ 19:33:44

ukris said:

kevtheskin said:


Sorry peeps still dont understand?

Are you saying you do not understand the concept of counting?


Yep counting in respect to wordlisr?


Avatar
justdude

Status: Banned
Joined: Sat, 06 Oct 2018
Posts: 15
Team:
Reputation: 5 Reputation
Offline
Mon, 18 Feb 2019 @ 19:48:53

WARNING! User is BANNED and maybe a SCAMMER.

kevtheskin said:


Yep counting in respect to wordlisr?

You crack a load of hashes and find things like password123
or other similar dumb passwords keep cropping up

In the wordlist created from cracking the hashes, you keep the
count of the number of times you found password123, or whatever,
so now you know which passwords are more likely for the next
time you want to crack some hashes


Avatar
kevtheskin

Status: Member
Joined: Wed, 21 Feb 2018
Posts: 391
Team:
Reputation: 261 Reputation
Online
Mon, 18 Feb 2019 @ 20:56:48

justdude said:

kevtheskin said:


Yep counting in respect to wordlisr?

You crack a load of hashes and find things like password123
or other similar dumb passwords keep cropping up

In the wordlist created from cracking the hashes, you keep the
count of the number of times you found password123, or whatever,
so now you know which passwords are more likely for the next
time you want to crack some hashes


Thanks for your reply peeps. Cheers Kev


Avatar
freeroute
Moderator
Status: Trusted
Joined: Sat, 16 Jul 2016
Posts: 3744
Team:
Reputation: 10537 Reputation
Online
Thu, 21 Feb 2019 @ 08:37:08

"Most of the time, we find hashes to crack via shared pastes websites. Isolating the hashes by hand can be a time consuming process; for that reason we are going to use regular expressions to make our life easier!"
A cheat-sheet for password manipulating


XMPP: freeroute@xmpp.jp
General rules | Paid section rules

Avatar
vetronexe

Status: Trusted
Joined: Sun, 25 Mar 2018
Posts: 165
Team:
Reputation: 371 Reputation
Offline
Fri, 08 Mar 2019 @ 19:38:22

Tip 1:

Did you know you can search a database of over 2'698'490'635 cracked hashes from private submissions to several hundred public leaks.

Step 1: Navigate to https://hashes.org/search.php

Step 2: Paste up to 1000 hashes separated by newlines into the form.

Step 3: Complete the Captcha Check and submit.

If the hashes are in the database and have been cracked by the community who support hashes.org they will be displayed with an optional link to post to the forum.

Tip 2:

By having an account on hashes.org you can use the API to search for hashes. This can be done up to 20 hashes per minute enforced by checking during a 5 minute window allowing you to overuse the API for short periods with a required cool down afterwords.

How is this useful? You can create and use a script in your favorite browser to search the API with whatever text is currently highlighted by your cursor on the page (ie hashes on the forum) to check if they have been already cracked.


Thanks for reading and +rep if you find this information useful.


+Rep if I helped is appreciated

BTC: 19X89GXjGP1Z32ExS13AJbRj5VwQgr5yoK

Avatar
Outreach

Status: n/a
Joined: Tue, 12 Mar 2019
Posts: 3
Team:
Reputation: 0 Reputation
Offline
Tue, 12 Mar 2019 @ 13:23:10

Thanks for all of this!

Can i ask a question at the same time?
I'm trying to start a new thread for a question i'm having, but i keep getting an error 'req' and can post new threads.

Anything I should do ?

Thanks!


Avatar
freeroute
Moderator
Status: Trusted
Joined: Sat, 16 Jul 2016
Posts: 3744
Team:
Reputation: 10537 Reputation
Online
Sat, 16 Mar 2019 @ 11:57:05

Pipal, Password Analyser

Pipal project page for a full walk through of a sample analysis.

Usage: pipal [OPTION] ... FILENAME

--help, -h, -?: show help
--top, -t X: show the top X results (default 10)
--output, -o filename: output to file
--gkey Google Maps API key: to allow zip code lookups (optional)
--list-checkers: Show the available checkers and which are enabled
--verbose, -v: Verbose


FILENAME: The file to count


Source code: https://github.com/digininja/pipal

Example output: https://paste.hashkiller.co.uk/vvvgDGju


XMPP: freeroute@xmpp.jp
General rules | Paid section rules

Avatar
freeroute
Moderator
Status: Trusted
Joined: Sat, 16 Jul 2016
Posts: 3744
Team:
Reputation: 10537 Reputation
Online
Mon, 18 Mar 2019 @ 08:13:47

Generate dictionary file statistics and mask file for hashcat with statsgen.

"PACK was developed in order to aid in a password cracking competition “Crack Me If You Can” that occurred during Defcon 2010. The goal of this toolkit is to aid in preparation for the “better than bruteforce” password attacks by analyzing common ways that people create passwords. After the analysis stage, the statistical database can be used to generate attack masks for tools such as Hashcat.

NOTE: This tool itself can not crack passwords, but helps other tools crack more passwords faster."
NOTE 2: PACK is a part of Kali Repo. It can be installed by the apt package manager or from github

Source file: https://github.com/iphelix/pack

Usage: statsgen [options] passwords.txt (or python statsgen.py [options] passwords.txt if installed from source code)

Example command: "statsgen -o password.masks /usr/share/wordlists/10k-most-common.txt"

Output: https://paste.hashkiller.co.uk/b4p7m6z0


XMPP: freeroute@xmpp.jp
General rules | Paid section rules

Avatar
freeroute
Moderator
Status: Trusted
Joined: Sat, 16 Jul 2016
Posts: 3744
Team:
Reputation: 10537 Reputation
Online
Tue, 19 Mar 2019 @ 12:06:50

John the Ripper Cheat Sheet

Official repo for the Jumbo version of John the Ripper: https://github.com/magnumripper/JohnTheRipper


XMPP: freeroute@xmpp.jp
General rules | Paid section rules

Avatar
freeroute
Moderator
Status: Trusted
Joined: Sat, 16 Jul 2016
Posts: 3744
Team:
Reputation: 10537 Reputation
Online
Mon, 25 Mar 2019 @ 07:48:07

Dubmash hashes - password analysis

Analyzed total 7,664 thousand hashes.

After sort, uniq there are total unique password entries = 105213

Pipal password analyzer output: https://paste.hashkiller.co.uk/hrUPnBUf
Statsgen password analyzer, generated masks: https://paste.hashkiller.co.uk/GKzDz88X


XMPP: freeroute@xmpp.jp
General rules | Paid section rules

Avatar
freeroute
Moderator
Status: Trusted
Joined: Sat, 16 Jul 2016
Posts: 3744
Team:
Reputation: 10537 Reputation
Online
Mon, 25 Mar 2019 @ 12:35:23

Generate cryptographic standard hashes with "hashrat".

"Hashrat is a cryptographic hash-generation utility that supports the md5, sha1, sha256, sha512, whirlpool, jh-224, jh256, jh-384 and jh-512 hash functions, and also the HMAC versions of those functions. It can output in traditional format (same as md5sum and shasum and the like) or it's own format. Hashes can be output in octal, decimal, hexadecimal, uppercase hexadecimal or base64.

Hashrat also supports directory recursion, hashing entire devices, and generating a hash for an entire directory. It has a CGI mode that can be used as a web-page to lookup hashes."

Source: https://github.com/ColumPaget/Hashrat

Usage: hashrat [options] [paths]...

Functions:

Password Generator
File Integrity Checker
Find duplicate files
Find file matching hash

Command: cat wordlist

password
cat
hashcat
summer
1234

Create md5 hashlist: cat wordlist | hashrat -type md5 -lines

5f4dcc3b5aa765d61d8327deb882cf99
d077f244def8a70e5ea758bd8352fcd8
8743b52063cd84097a65d1633f5c74f5
6b1628b016dff46e6fa35684be6acc96
81dc9bdb52d04dc20036dbd8313ed055

Create md5 base 64 encoded hashlist: cat wordlist | hashrat -64 -type md5 -lines

X03MO1qnZdYdgyfeuILPmQ==
0HfyRN74pw5ep1i9g1L82A==
h0O1IGPNhAl6ZdFjP1x09Q==
axYosBbf9G5vo1aEvmrMlg==
gdyb21LQTcIANtvYMT7QVQ==

Create md5 hexidecimal encoded hashlist: cat wordlist | hashrat -HEX -type md5 -lines

5F4DCC3B5AA765D61D8327DEB882CF99
D077F244DEF8A70E5EA758BD8352FCD8
8743B52063CD84097A65D1633F5C74F5
6B1628B016DFF46E6FA35684BE6ACC96
81DC9BDB52D04DC20036DBD8313ED055

Create SHA1 hashlist: cat wordlist | hashrat -type sha1 -lines

5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
9d989e8d27dc9e0ec3389fc855f142c3d40f0c50
b89eaac7e61417341b710b727768294d0e6a277b
6420ed4d831b436d1e92d25605d18297296374e3
7110eda4d09e062aa5e4a390b0a572ac0d2c0220

Create SHA256 hashlist: cat wordlist | hashrat -type sha256 -lines

5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
77af778b51abd4a3c51c5ddd97204a9c3ae614ebccb75a606c3b6865aed6744e
127e6fbfe24a750e72930c220a8e138275656b8e5d8f48a98c3c92df2caba935
e83664255c6963e962bb20f9fcfaad1b570ddf5da69f5444ed37e5260f3ef689
03ac674216f3e15c761ee1a5e255f067953623c8b388b4459e13f978d7c846f4


XMPP: freeroute@xmpp.jp
General rules | Paid section rules

Avatar
xaddo

Status: Trusted
Joined: Tue, 16 Jun 2015
Posts: 133
Team:
Reputation: 188 Reputation
Online
Mon, 01 Apr 2019 @ 18:25:49

UrbanDictionary.com 2019 wordlist

https://mega.nz/#!VFchlQKL!yDUKrti3Q51i_cUyHlmlwBiRorCV7ZAOV769QU9gP1Q

It was scraped years ago, but newer is always better right?

urban dictionary phrases.txt = "thot patrol"

urban dictionary phrases-no spaces.txt = "thotpatrol"

urbandictionary single words.txt = "thot"


xaddo@xmpp.jp

btc: 3Lx5eXvKTdTVgh8FZiPJFiJqKm5teoFbj7
eth: 0x6e759E6De45E1E465a91519F0C37bc7140914431

Avatar
Clav17

Status: Cracker
Joined: Sun, 01 May 2016
Posts: 644
Team:
Reputation: 545 Reputation
Offline
Mon, 08 Apr 2019 @ 13:33:47

Import directly hash list from hashes.org leftlist from URL in hashtopolis:
1)Synopsis: Basically, hashes.org blocks the download requests when referer header isn't containing at least the string: "hashes.org". The owners didn't block anything, in fact, we can bypass this
https://paste.hashkiller.co.uk/cBhAgtSo


Avatar
freeroute
Moderator
Status: Trusted
Joined: Sat, 16 Jul 2016
Posts: 3744
Team:
Reputation: 10537 Reputation
Online
Sun, 14 Apr 2019 @ 20:40:12

"You are not a team because you work together. You are a team because you trust, respect and care for each other."


XMPP: freeroute@xmpp.jp
General rules | Paid section rules

Avatar
Clav17

Status: Cracker
Joined: Sun, 01 May 2016
Posts: 644
Team:
Reputation: 545 Reputation
Offline
Mon, 15 Apr 2019 @ 21:55:22

freeroute said:

"You are not a team because you work together. You are a team because you trust, respect and care for each other."

You just said the truth, I will tell the reality (in general based on my experiences) :
"You are not a team because you work together. You are a team because you are suspicious, unsure and exploit each other for your own interest."


Avatar
jerry

Status: Banned
Joined: Tue, 16 Apr 2019
Posts: 18
Team:
Reputation: 0 Reputation
Offline
Tue, 16 Apr 2019 @ 08:59:19

WARNING! User is BANNED and maybe a SCAMMER.

Clav17 said:


You just said the truth, I will tell the reality (in general based on my experiences) :
"You are not a team because you work together. You are a team because you are suspicious, unsure and exploit each other for your own interest."

You look have bad experience with team workings
Find joy instead with gpuhash


Avatar
Darkos

Status: n/a
Joined: Thu, 25 Apr 2019
Posts: 5
Team:
Reputation: 0 Reputation
Offline
Mon, 29 Apr 2019 @ 09:04:56

Thanks for all these tips ! Good job !


Avatar
billay334

Status: n/a
Joined: Sat, 25 May 2019
Posts: 21
Team:
Reputation: 0 Reputation
Offline
Sun, 26 May 2019 @ 18:01:49

gracias for all of these tips :O


Avatar
simaservis1108

Status: n/a
Joined: Mon, 20 May 2019
Posts: 8
Team:
Reputation: 0 Reputation
Offline
Sun, 02 Jun 2019 @ 00:02:26

Good tips,many thanks!!


Avatar
mibroot

Status: n/a
Joined: Sat, 08 Jun 2019
Posts: 7
Team:
Reputation: 0 Reputation
Offline
Sat, 08 Jun 2019 @ 01:40:20

Thank you for the tips


Avatar
xaddo

Status: Trusted
Joined: Tue, 16 Jun 2015
Posts: 133
Team:
Reputation: 188 Reputation
Online
Mon, 10 Jun 2019 @ 20:31:48

Here is a useful tool for converting wordlists (or any list of text) into md5/sha1/sha256/sha512 hashes quickly:

https://quickhash-gui.org

Useful in cases such as freeroute posted earlier, where you may have an algo similar to edmodo's BcryptMD5pass but no default support for it in whatever program you're using. It was able to convert probable's top 29 million passes into MD5 in less than 2 minutes. Make sure to select the "source text excluded in output" option or you'll get a giant csv with both the plaintext and hash, unless of course you want that but prepare for very large files.


xaddo@xmpp.jp

btc: 3Lx5eXvKTdTVgh8FZiPJFiJqKm5teoFbj7
eth: 0x6e759E6De45E1E465a91519F0C37bc7140914431

Avatar
kul2osh

Status: n/a
Joined: Sat, 08 Jun 2019
Posts: 1
Team:
Reputation: 0 Reputation
Offline
Wed, 12 Jun 2019 @ 07:56:01

Thank you


Avatar
JJHASH2

Status: n/a
Joined: Sun, 16 Jun 2019
Posts: 1
Team:
Reputation: 0 Reputation
Offline
Sun, 16 Jun 2019 @ 21:36:11

Thanks for this, im sure people on here will put this information to good use.


Avatar
Reese33

Status: n/a
Joined: Thu, 13 Jun 2019
Posts: 9
Team:
Reputation: 0 Reputation
Offline
Thu, 20 Jun 2019 @ 13:15:21

thank you


Avatar
freeroute
Moderator
Status: Trusted
Joined: Sat, 16 Jul 2016
Posts: 3744
Team:
Reputation: 10537 Reputation
Online
Thu, 20 Jun 2019 @ 13:23:21

Thanks for your feedback.
If there is a need for it, there will be more "Tips of the day". Because there was no feedback, It was neglected.
And feel free to share your useful tips, of course. It's not a restricted area...


XMPP: freeroute@xmpp.jp
General rules | Paid section rules

Avatar
freeroute
Moderator
Status: Trusted
Joined: Sat, 16 Jul 2016
Posts: 3744
Team:
Reputation: 10537 Reputation
Online
Fri, 21 Jun 2019 @ 11:34:18

Some real and not so big wordlists.


XMPP: freeroute@xmpp.jp
General rules | Paid section rules

Avatar
kevtheskin

Status: Member
Joined: Wed, 21 Feb 2018
Posts: 391
Team:
Reputation: 261 Reputation
Online
Mon, 24 Jun 2019 @ 18:41:41

freeroute said:

Some real and not so big wordlists.


Greetings peeps. Cheers for the links and all your tips.

Kev


Avatar
freeroute
Moderator
Status: Trusted
Joined: Sat, 16 Jul 2016
Posts: 3744
Team:
Reputation: 10537 Reputation
Online
Thu, 04 Jul 2019 @ 07:51:28

Remote wordlist with hashcat (in case you have limited drive space to store the wordlist on the machine running hashcat)

Code:

Source: https://github.com/hashcat/hashcat/issues/1416


XMPP: freeroute@xmpp.jp
General rules | Paid section rules

Avatar
freeroute
Moderator
Status: Trusted
Joined: Sat, 16 Jul 2016
Posts: 3744
Team:
Reputation: 10537 Reputation
Online
Fri, 05 Jul 2019 @ 12:08:28

Recover your SSH server private key's encrypted password with John the Ripper (without rules)

Note: I copied the server public and private keys to the /root/ssh_key_test/ directory. John the Ripper installed to /usr/local/src/ from github.

Run ssh2john in order to converts your key file into a format that JTR understands. :

Code:
/usr/local/src/john/run/ssh2john.py /root/ssh_key_test/id_rsa >id_rsa_john

List of files:

root@hashtopolis:~/ssh_key_test# ls
id_rsa id_rsa.john id_rsa.pub

Run John the Ripper:

root@hashtopolis:~/ssh_key_test#

Code:
/usr/local/src/john/run/john --format=SSH --wordlist=/usr/share/wordlists/rockyou.txt id_rsa.john 

Using default input encoding: UTF-8
Loaded 1 password hash (SSH [RSA/DSA/EC/OPENSSH (SSH private keys) 32/64])
Cost 1 (KDF/cipher [0=MD5/AES 1=MD5/3DES 2=Bcrypt/AES]) is 0 for all loaded hashes
Cost 2 (iteration count) is 1 for all loaded hashes
Will run 8 OpenMP threads
Note: This format may emit false positives, so it will keep trying even after
finding a possible candidate.
Press 'q' or Ctrl-C to abort, almost any other key for status
letmein (id_rsa)

Show found password(s):

root@hashtopolis:~/ssh_key_test#

Code:
/usr/local/src/john/run/john --format=SSH id_rsa.john --show

id_rsa:letmein



XMPP: freeroute@xmpp.jp
General rules | Paid section rules

Avatar
freeroute
Moderator
Status: Trusted
Joined: Sat, 16 Jul 2016
Posts: 3744
Team:
Reputation: 10537 Reputation
Online
Sat, 06 Jul 2019 @ 07:55:35

Recover your SSH server private key's encrypted password with John the Ripper with rules
Expand capabilities of John the Ripper with KoreLogic's Custom rules.

Download KoreLogic's Custom rules

To use KoreLogic's rules in John the Ripper: download the rules file and append the rules to the john.conf file.

Code:
cat rules.txt >> john.conf

List All the Rules:

Code:
for ruleset in `grep KoreLogicRules /usr/local/src/john/run/john.conf | cut -d: -f 2 | cut -d\] -f 1`; do echo ${ruleset}; done

Output: https://paste.hashkiller.co.uk/F6pA94w0

Usage:

Code:
/usr/local/src/john/run/john --format=SSH --wordlist= /usr/share/wordlists/rockyou.txt --rules=KoreLogicRulesAppendJustNumbers id_rsa_john 


XMPP: freeroute@xmpp.jp
General rules | Paid section rules


118 Results - Page 3 of 4 -
1 2 3 4

We have a total of 216628 messages in 26489 topics.
We have a total of 23362 registered users.
Our newest registered member is ne14abj.