12-28-2013, 01:01 PM
Hey guys,
I'm working on a white paper and I am trying to crack hashes from a vbulletin forum < 3.8.5. This forum was an invite-only forum for hackers. My goal is to see who used more than one account by looking at duplicate passwords since hackers probably used the same password for all their accounts on the forum. I am also trying to write about what type of passwords hackers use as a FYI for the community.
Now, I have about 400 hashes in my db, each with its own salt. I've been using oclhashcat to crack hashes but I am rapidly hitting a wall. Using these techniques, I've managed to crack about 21% of hashes:
Brute force 1-6 characters length with ?a
Brute force 7 characters length with loweralpha
Brute force 7 characters length with upperalpha
Brute force 7-10 characters length with digits
Brute force 7 characters length with loweralpha and digits
Straitght using mangled.lst, rockyou.txt, pwgen-tty.lst, pwgen-nontty.lst
Straitght with best64 using mangled.lst, rockyou.txt, pwgen-tty.lst, pwgen-nontty.lst
Any idea on what to do next? I would really need to get at least 75%-80% of these hashes cracked. I am currently using a single Tesla M2090 though I also have access to a 12-core server. I will be posting the same message in the hashcat section in case someone thinks it would be better for me to use hashcat instead of oclhashcat. Thanks for your help and if someone manages to help me get to 75%-80%, I would gladly put their name as an author on the paper!
I'm working on a white paper and I am trying to crack hashes from a vbulletin forum < 3.8.5. This forum was an invite-only forum for hackers. My goal is to see who used more than one account by looking at duplicate passwords since hackers probably used the same password for all their accounts on the forum. I am also trying to write about what type of passwords hackers use as a FYI for the community.
Now, I have about 400 hashes in my db, each with its own salt. I've been using oclhashcat to crack hashes but I am rapidly hitting a wall. Using these techniques, I've managed to crack about 21% of hashes:
Brute force 1-6 characters length with ?a
Brute force 7 characters length with loweralpha
Brute force 7 characters length with upperalpha
Brute force 7-10 characters length with digits
Brute force 7 characters length with loweralpha and digits
Straitght using mangled.lst, rockyou.txt, pwgen-tty.lst, pwgen-nontty.lst
Straitght with best64 using mangled.lst, rockyou.txt, pwgen-tty.lst, pwgen-nontty.lst
Any idea on what to do next? I would really need to get at least 75%-80% of these hashes cracked. I am currently using a single Tesla M2090 though I also have access to a 12-core server. I will be posting the same message in the hashcat section in case someone thinks it would be better for me to use hashcat instead of oclhashcat. Thanks for your help and if someone manages to help me get to 75%-80%, I would gladly put their name as an author on the paper!