hashcat Forum
How do I add a dictionary like Rockyou? - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Previous versions (https://hashcat.net/forum/forum-29.html)
+--- Forum: Old hashcat Support (https://hashcat.net/forum/forum-20.html)
+--- Thread: How do I add a dictionary like Rockyou? (/thread-1854.html)

Pages: 1 2


RE: How do I add a dictionary like Rockyou? - U_nix - 12-21-2012

Get yourself a copy of the wordpress version and search around for the function which encrypts the pw.

http://core.trac.wordpress.org/changeset/6350

Src.:
http://kaoticcreations.blogspot.de/2011/08/hash-type-reference-guide.html

md5(phpbb3):$H$9123456785DAERgALpsri.D9z3ht120

md5(wordpress):$P$B123456780BhGFYSlUqGyE6ErKErL01


The reason why it is slow is because they want it to be slow.Smile

Like md5crypt(). 1000 Iterations. Changing average duration from minutes to days compared to normal md5.


RE: How do I add a dictionary like Rockyou? - Kandeen - 12-21-2012

For what purpose? So I know which encryption is being used?

The encrypted password does start with $P$, which should be md5(wordpress) isntead of md5(phpbb3) like in the exame you placed in your post.

However, it seems multiple people (like Atom) say md5(phpbb3) is the same as md5(wordpress)

https://hashcat.net/forum/thread-948.html


RE: How do I add a dictionary like Rockyou? - U_nix - 12-21-2012

Think like that:

normal md5(pass): Create a md5 hash from a string.

md5crypt(pass): create a md5 from the md5 from the md5 ... till you have done it 1000 times.

edit:
This:
$P$
$1$
$x$

are just prefixes created like this:#
crypt($password,'$1$'.$hash.'$');

After that comes a salt and the md5 or just the md5.

If they use diferrent prefixes but the same hash algo it doesn` t matter if hashcat cuts both prefixes in one function.


RE: How do I add a dictionary like Rockyou? - Kandeen - 12-21-2012

Hmm I see I see

But that does mean I'm on the right track with my current command, right?

Once again, thanks a lot for taking the time to explain all this to me!


RE: How do I add a dictionary like Rockyou? - mastercracker - 12-21-2012

(12-21-2012, 07:09 PM)Kandeen Wrote: Hmm I see I see

But that does mean I'm on the right track with my current command, right?

Once again, thanks a lot for taking the time to explain all this to me!
Yes, your command line is fine. The algorithm is meant to be slow so that it's more trouble for crackers. Moreover you are using the CPU and not the GPU. If you do simple dictionary attack, it might finish relatively fast but as soon as you add rules, it becomes much slower.


RE: How do I add a dictionary like Rockyou? - U_nix - 12-21-2012

I would not even try it with the cpu version. Even the simple dictionary attack with a let` s say 5gb dictionary tooks days with some thousands generated hashes per second if I remember correct.

Everething else takes month to years. As commented by master, rule based attacks or toogle case and combinators etc.

If you really have to mess around with this kind of endless iterated hashes use the gpu.


RE: How do I add a dictionary like Rockyou? - Kandeen - 12-21-2012

Alright guys, thanks a lot!
I'll keep you updated if you want.

I really appreciate your support!