How do I add a dictionary like Rockyou? - Printable Version +- hashcat Forum (https://hashcat.net/forum) +-- Forum: Deprecated; Previous versions (https://hashcat.net/forum/forum-29.html) +--- Forum: Old hashcat Support (https://hashcat.net/forum/forum-20.html) +--- Thread: How do I add a dictionary like Rockyou? (/thread-1854.html) Pages:
1
2
|
RE: How do I add a dictionary like Rockyou? - U_nix - 12-21-2012 Get yourself a copy of the wordpress version and search around for the function which encrypts the pw. http://core.trac.wordpress.org/changeset/6350 Src.: http://kaoticcreations.blogspot.de/2011/08/hash-type-reference-guide.html md5(phpbb3):$H$9123456785DAERgALpsri.D9z3ht120 md5(wordpress):$P$B123456780BhGFYSlUqGyE6ErKErL01 The reason why it is slow is because they want it to be slow. Like md5crypt(). 1000 Iterations. Changing average duration from minutes to days compared to normal md5. RE: How do I add a dictionary like Rockyou? - Kandeen - 12-21-2012 For what purpose? So I know which encryption is being used? The encrypted password does start with $P$, which should be md5(wordpress) isntead of md5(phpbb3) like in the exame you placed in your post. However, it seems multiple people (like Atom) say md5(phpbb3) is the same as md5(wordpress) https://hashcat.net/forum/thread-948.html RE: How do I add a dictionary like Rockyou? - U_nix - 12-21-2012 Think like that: normal md5(pass): Create a md5 hash from a string. md5crypt(pass): create a md5 from the md5 from the md5 ... till you have done it 1000 times. edit: This: $P$ $1$ $x$ are just prefixes created like this:# crypt($password,'$1$'.$hash.'$'); After that comes a salt and the md5 or just the md5. If they use diferrent prefixes but the same hash algo it doesn` t matter if hashcat cuts both prefixes in one function. RE: How do I add a dictionary like Rockyou? - Kandeen - 12-21-2012 Hmm I see I see But that does mean I'm on the right track with my current command, right? Once again, thanks a lot for taking the time to explain all this to me! RE: How do I add a dictionary like Rockyou? - mastercracker - 12-21-2012 (12-21-2012, 07:09 PM)Kandeen Wrote: Hmm I see I seeYes, your command line is fine. The algorithm is meant to be slow so that it's more trouble for crackers. Moreover you are using the CPU and not the GPU. If you do simple dictionary attack, it might finish relatively fast but as soon as you add rules, it becomes much slower. RE: How do I add a dictionary like Rockyou? - U_nix - 12-21-2012 I would not even try it with the cpu version. Even the simple dictionary attack with a let` s say 5gb dictionary tooks days with some thousands generated hashes per second if I remember correct. Everething else takes month to years. As commented by master, rule based attacks or toogle case and combinators etc. If you really have to mess around with this kind of endless iterated hashes use the gpu. RE: How do I add a dictionary like Rockyou? - Kandeen - 12-21-2012 Alright guys, thanks a lot! I'll keep you updated if you want. I really appreciate your support! |