05-06-2012, 01:42 AM
Fun competition, although I didn't join in. You guys are way better than I am, so I didn't even consider trying. :-)
On the other hand I suddenly had this weird thought when the competition was over, and atom said that the new and improved best64.rule would be provided with the new 0.08 version of oclHashcat-plus. "What if the new best64.rule is actually worse than the old one for other lists than those used in the competition?"
Time for my experiment:
I've got 85615 unique NTLM hashes, originating from a domain with complexity requirements turned on (default config from Microsoft). I will use the same wordlist (passwords_top10k.dict.txt), as used in the competition, and run that against the NTLM hashes using the old and the new best64.rule, to see how many hashes get cracked using each one.
My command line (Ubuntu 12.04LTS 64-bit, Nvidia GTX580, newest drivers, all updates installed):
cudaHashcat-plus64.bin -m 1000 -o best64.test --outfile-format=7 -r rules/best64.rule -a 0 ntlm.txt passwords_top10k.dict.txt (& best64-old.rule for the other run)
best64.rule is 1044 bytes, 103 lines
best64-old.rule is 548 bytes, 69 lines
Interesting results indeed:
best64.rule (new): Recovered 1364/85615
best64-old.rule (old): Recovered 2187/85615
It's 01:40 now, so I'll drop any more tests to be sure my brain isn't messing up things too much, but I will do some more testing over the next couple of days.