hashcat Forum
Noob question: md5 salted unix unknown password cracking - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Noob question: md5 salted unix unknown password cracking (/thread-8837.html)



Noob question: md5 salted unix unknown password cracking - adderek - 12-21-2019

Hi,

I'm trying to crack an unix password (hash is "$1$[redacted]." without the quotation). This is an md5 hash for unix password.
I'm sending it here as the idea is to crack and publish (any matching password).
My idea is to use my GPU and try to find anything matching... brute force?
How should I continue?

Background:
A manufacturer called "Ignition Design Labs" has stolen OpenWRT code - It is an GPLv2 and they released their product (wifi router "portal") without releasing the sources. There was some acquisition made by Razer.
Router itself has their own closed-source code - which is vulnerable as hell - so I can easily gain root there. And upload SSH keys for easy access. And read /etc/shadow. Router is running dropbear by default.
Now I would like to find a matching password so that the community could log in and modify the system configuration.

I have no idea what the password might be. Nor where to search for good dictionaries for combination mode. I don't need the right password - anything matching $1$[redacted]. would be OK. I don't have 4TB available for rainbow tables Sad So far I was just going to use an radeon 590 (or nvidia 970) with hashcat and hope to get lucky.

Any support would be appreciated - thanks in advance.


RE: Noob question: md5 salted unix unknown password cracking - royce - 12-21-2019

Per the forum rules:

https://hashcat.net/forum/archive/index.php?announcement-2.html

... do not post hashes. I've redacted yours.


RE: Noob question: md5 salted unix unknown password cracking - rarecoil - 12-23-2019

many people here start with the hashes.org "founds" lists for plaintexts as they are a clean source of good passwords for unknown sources. these mixed with a good ruleset (OneRuleToRuleThemAll, etc.) may yield the plain. hashes.org does also have a hash -> plain lookup in case the hash has already been seen and cracked by someone in the community.

$1$ (md5crypt) is a pretty weak hash; a single radeon vii can do about 11500 kH/sec. this is within the realm of low-character brute-force with some ok computational power.