
#passwordcracking


If you need to sort and dedupe a ton of strings/records, Cynosure Prime member blazer has released rlite, a 'lite' version of rling. I helped debug early versions. A nice balance of performant and simple, but with useful knobs like frequency counting, writing dupes to another file, etc.

(And heavy on the 'performant' - multi-threaded sort + dedupe time for 1.4B records in a 16GB file is 45 seconds on 48 EPYC 7642 cores, and uses 26GB of RAM)

github.com/Cynosureprime/rlite

Password cracking tip:

Grow your ability to understand the math of your attack space.

One nice way to practice this: for a given attack, use Wolfram Alpha (or a calculator, etc.) to roughly confirm the math of your tool's ETA for your attack.

If they don't match, check your assumptions, your setup, or your understanding until they do.

In this example, the total number of guesses scheduled for this attack will take these two GPUs, running at the hashrate shown, a little under 46 days to complete.

wolframalpha.com/input?i=%2814

Practicing this estimation until you can do it very "back of the napkin" / order of magnitude in your head is valuable, just as it is with any "large numbers" effort / industry / exercise.

So ... due to an early obsession with historical BSD hashes ... I have significantly more bcrypt hashrate-per-watt cracking capacity than most solo shops. For bcrypt cost 12, it's about 34Kh/s straight wordlist -- the equivalent of about 17 4090s -- at only 1100W (these old Bitcoin FPGAs are very efficient for bcrypt specifically). And this capacity is intermittently idle, which is kinda a shame.

I haven't really put it out there as something I can help with if needed (outside of the Hashcat team). So ... feel free to ping me if you need bcrypts cracked/audited!

(Reasonable rates, but note that I do have a pretty firmly high bar for provenance / proof of authorization)

(Rat's nest of USB has been cleaned up a bit 😅)

When a target hashlist has a significantly lower percentage of cracks than expected, I've started calling the remaining/missing cracks "dark matter".

Some potential causes of cracking "dark matter":

  • Site changed methodologies later: switched to a nested hash, added a pepper, HSM, true encryption layer, etc.

  • High number of automatically random-ish passwords: defaults, resets, bots, randomized on account lock, etc.

  • Complexity requirements higher than expected: high minimum length, etc.

  • Attacker (me) is missing key info: language, encoding, demographics, etc.

What could other causes be?

One example of why to use strong #passwords for users who use file sharing over #SMB, even when the file transfers are #encrypted.
If the SMB traffic is captured/eavesdropped, then the attacker can try to crack the user password.
The attacker is able to extract challenge/response values from the Session Setup and then use #passwordcracking tools such as #hashcat.

If the attack is successful, the attacker will gain not only access to the user account, but it is also possible to decrypt the captured SMB file transfers. There is a lack of perfect forward secrecy in this encryption.

For more details and practical examples, see this blog post:

malwarelab.eu/posts/tryhackme-

No, NCSC¹, passphrases of only three (or even four) random words are not sufficient - unless the user knows that the password hashing method is a "slow" one (bad for the attacker). Which is rarely guaranteed.

10^25 combinations -- six words from a pool of 20K words, or five words from a pool of 100K words -- should be considered the minimum.

¹ncsc.gov.uk/collection/top-tip

#Passphrases
#PasswordCracking
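
As an added example (not from any post on this page), the "confirm your tool's ETA by hand" estimation from the password cracking tip above and the passphrase arithmetic from the NCSC post, in Python; the mask, word-pool sizes and GPU hashrates are constructed sample values, not anyone's real attack.

```python
# Added example, not from any post on this page: keyspace and ETA arithmetic
# for a hashcat-style mask attack (the "confirm your tool's ETA" tip) and for
# a random-word passphrase (the NCSC thread). Hashrates, masks and pool sizes
# below are constructed sample values, not anyone's real attack.

# hashcat built-in charsets: ?s is the 33 printable specials (space included),
# ?a is all 95 printable ASCII characters.
CHARSET_SIZES = {"l": 26, "u": 26, "d": 10, "s": 33, "a": 95, "h": 16, "H": 16}


def mask_keyspace(mask: str) -> int:
    """Candidate count for a mask like '?u?l?l?l?l?l?d?d?d?d'.

    Literal characters contribute a factor of 1 and '??' is a literal '?'.
    """
    total, i = 1, 0
    while i < len(mask):
        if mask[i] == "?":
            if i + 1 >= len(mask):
                raise ValueError("dangling '?' at end of mask")
            cls = mask[i + 1]
            if cls != "?":
                total *= CHARSET_SIZES[cls]  # KeyError for an unknown class
            i += 2
        else:
            i += 1
    return total


def passphrase_keyspace(pool_size: int, words: int) -> int:
    """Candidates for `words` words chosen uniformly from a pool of `pool_size`."""
    return pool_size ** words


def eta_days(keyspace: int, hashrates_per_second) -> float:
    """Worst-case days to exhaust `keyspace` across all devices combined."""
    return keyspace / sum(hashrates_per_second) / 86400


def meets_minimum(keyspace: int, minimum: int = 10**25) -> bool:
    """The 10^25-candidate floor argued for in the passphrase post."""
    return keyspace >= minimum


if __name__ == "__main__":
    gpus = [150e9, 150e9]  # assumed: two GPUs at 150 GH/s each on a fast hash
    ks = mask_keyspace("?u?l?l?l?l?l?d?d?d?d")
    print(f"mask keyspace {ks:.3e}, ETA {eta_days(ks, gpus):.2f} days")
    for pool, n in ((20_000, 3), (20_000, 6), (100_000, 5)):
        ks = passphrase_keyspace(pool, n)
        print(f"{n} words from {pool}: {ks:.1e}, >= 1e25? {meets_minimum(ks)}")
```

If the days your tool reports disagree with this arithmetic, the mask, rule count or device hashrate you assumed is not what the tool is actually running.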

I bought these cool little NXP - NTAG213 "business cards" from the clearance section at Walmart. They're branded as "popl PhoneCard". They have a hard coded hyperlink to popl.com with some tracking data to link it to an account that you have to access with a sketchy app. They're password locked so I can't rewrite them. I looked it up & found "74657329" in hex or "tes)" in ASCII to be the password, but neither of these work for these cards & the posts I found are all old. I don't have the equipment to sniff a password from the app, if it even does that which I doubt. Is there a way to crack NFC card passwords from an Android phone?
#NFC #PasswordCracking #ntag213

So @solardiz presented a talk on "Password cracking: past, present, future" at OffensiveCon last week. Definitely worth a read - bringing his usual disciplined thinking to a topic he knows very well.

He includes both historical and taxonomical perspectives, both of which I appreciate. Apparently, one of the first password-cracking contests was in 1982? (This was a password cracker contest - seeking the best cracking software!)

openwall.com/presentations/Off

[Will update post if video of the talk itself appears.]

#passwords #hashing
#PasswordCracking

www.openwall.com - Password cracking: past, present, future (OffensiveCon 2024)

Prompted by a recent conversation, a short, living list of password-length breakpoints relative to hashes, in bytes (will shorten with a CW after it stabilizes):

7 - Max length of the first and second halves of an LM password. This means that any ASCII LM password, regardless of length and composition, can be cracked in under five minutes on modern gear.

8 - Max length of a descrypt password. If ASCII, can be fully exhausted on prosumer gear in a couple of days (worst case)

8 - WPA2 minimum length

8 - Minimum length of some Ethereum passphrases

8 - Max length of AS/400 and older iSeries mainframe passwords

10 - Max length of newer iSeries mainframe passwords (if QPWDMAXLEN is configured)

14 - Max "length" of an LM password (even though it's really two 7-byte passwords)

14 - Max value for the native minimum password length policy setting in Windows (unless third party passfilt.dll or fine-grained rules are used)

15 - Length at which LM password default will be ignored, and the hash will be forced to be NTLM (except some machine-account corner cases, which may truncate to 14)

63-64 - Max length of WPA2 (depending on implementation)

72 - Max length of a bcrypt password

128 - Max length for newer IBM mainframes when configured

What am I missing? (Will merge any validated replies)

Note: chars != bytes, lots of corner cases, YMMV.

Scope note - too many website length restrictions / symptoms to list here, but github.com/apple/password-mana is a great place for that!

GitHub - apple/password-manager-resources: A place for creators and users of password managers to collaborate on resources to make password management better.