dChan
Anonymous ID: 097c6d April 3, 2020, 5:23 a.m. No.8672139   🗄️.is 🔗kun

>>8672062

>>8671963

#password cracking gpu

 

# distributed

https://github.com/jmmcatee/cracklord

http://www.adaptivecomputing.com/products/open-source/torque/

 

# netntlm protocol

http://davenport.sourceforge.net/ntlm.html

 

# hash formats cheatsheets

https://hashcat.net/wiki/doku.php?id=example_hashes

http://pentestmonkey.net/cheat-sheet/john-the-ripper-hash-formats

http://www.insidepro.com/hashes.php # generate all possible hashes

 

# methodologies

https://www.netspi.com/blog/entryid/222/gpu-password-cracking-building-a-better-methodology

 

# hashcat automation / frontend

http://tickorone.wordpress.com/2012/06/02/password-analysis-to-hashcat-path-script/

 

# leaks

http://www.adeptus-mechanicus.com/codex/hashpass/hashpass.php

http://www.skullsecurity.org/wiki/index.php/Passwords

 

# brice

GTX 460

 

# CUDA-mutiforcer

forums: –threads 768 -m 200 –blocks 120

brice: –threads 512 –blocks 120 -m 50

 

$ cd hashsplit && split hasfile.txt # each hashfile must be less 1024 lines

$ for i in hashsplit/*; do ./CUDA-Multiforcer-CPP -f "$i" -h SSHA -o ~/cuda.out –min 7 –max 9 -c charsets/charsetnumeric –threads 256 –blocks 60 –debug; done

 

# http://blog.distracted.nl/

EmDebr MD5

EnTibr NTLM

SHAbr SHA-1

 

# ignashgpu

ighashgpu -t:md5 -c:csd -min:4 -max:7 hash.txt

 

# BarsWF

http://3.14.by/en/md5

 

# whitepixel

http://whitepixel.zorinaq.com/

 

# hashkill

http://www.gat3way.eu/hashkill/index.php (buggy pour l'instant et pas gpu)

 

# hashcat

http://www.question-defense.com/2010/08/15/automated-password-cracking-use-oclhashcat-to-launch-a-fingerprint-attack

http://www.question-defense.com/2010/11/24/oclhashcat-fingerprint-attack-video

 

# oclHashcat

status output means the following ??? p:progress, cs:current salt, cr:current rule, cl:current (plain) length, rt:runtime, s:speed.

 

# keyboard walk

http://hashcat.net/forum/thread-3614-post-20665.html

 

# benchmarks

https://gist.github.com/epixoip/63c2ad11baf7bbd57544

https://gist.github.com/epixoip/abd64f1af800013abb1f

http://hashcat.net/forum/thread-309.html

http://golubev.com/gpuest.htm

http://www.sch0.org/

http://openwall.info/wiki/john/benchmarks

https://en.bitcoin.it/wiki/Mining_hardware_comparison

 

# halflm (aka. netlm, netntlmv1-vanilla) http://www.jedge.com/wordpress/2014/01/oclhashcat-halflm-netlm-and-bruteforcing-the-second-half/

*ntlmv1.txt =KentN::CORP:76365E2D142B5612BE95F16C7AC2AD56862D775922AF71EB:996B94A8B3F0D0A60673AF178A4CBA0CAA535884D56A631F:1122334455667788 (Password21)

hashcat -a 5 -t ~/tools/password/hashcat.net/hashcat/tables/toggle_case.table –stdout <(echo PASSWOR) case.exp

oclhashcat -a 6 -m 5500 ntlmv1.pw case.exp ?a?a?a?a

or

hashcat -a 3 -m 5500 ntlmv1.pw Passwor?a?a?a

or with rainbow tables

/pentest/tools/password/rcracki/rcracki_mt -t 6 -h 76365E2D142B5612 -o output.file /pentest/tables/rti/lm_chal/* # the first 16 hex chars is the LM hash (cat ntlmv1.pw|cut -d: -f4|cut -c1-16)

Anonymous ID: 097c6d April 3, 2020, 5:44 a.m. No.8672207   🗄️.is 🔗kun

# crypto

 

# pkcs structures

http://www.cem.me/pki/index.html

 

# tools

CrypTool

CryptoCrack

https://gchq.github.io/CyberChef/

 

# resources

http://crypto.interactive-maths.com/

http://practicalcryptography.com/cryptanalysis/

http://rumkin.com/tools/cipher/

http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html (aes well explained)

 

# Forward Secrecy.

With this feature enabled, each connection uses separate encryption keys, which means that the encrypted data remains safe if the server private key is compromised.

 

# wordpress cookie

cookie: $username|$expiry|$hmac

key = wp_hash($username . $expiration) # based on wordpress SECRET_KEY

hash_hmac('md5', $username . $expiry, $key) == $hmac

following values will generate same hash:

admin1 1353464343

admin 11353464343

 

# hash length extension

https://blog.whitehatsec.com/hash-length-extension-attacks/

http://www.vnsecurity.net/2010/03/codegate_challenge15_sha1_padding_attack/

https://blog.skullsecurity.org/2012/everything-you-need-to-know-about-hash-length-extension-attacks

 

Given an application that prepends a secret to a string before hashing it, the application is vulnerable if an attacker knows both the string and the hash. The attacker is able to append extra information to the original string and still generate a valid hash from it without knowing the secret. In a query, the extra data that is appended is given preference over the original data.

 

https://github.com/stephenbradshaw/hlextend

https://github.com/bwall/HashPump

https://github.com/iagox86/hash_extender

 

# substitution ciphers

  • monoalphabetic

caesar/rot: for i in {0..25}; do echo "Ackkmaa" | /usr/games/bin/caesar $i ; done

  • polyalphabetic

vigenere

autokey

porta (13 alphabet instead of 26 like vigenere)

anagram

online cryptogram solver: http://quipqiup.com/

google SCBSolver

best results with tools/crypto/practicalcryptography.com/*.py (e.g. tools/crypto/pygenere's VigCrack.crack_codeword fails when ciphertext too small)

 

# transposition cipher

scytale

rail fence

route

columnar transposition (break_coltrans.py) unlikely if there are no many vowels

 

# xortool

github.com/hellman/xortool: use -c 00 for encrypted binaries, -c ' ' for texts (sometimes fails to find correct xor key)

 

# XORsearch

https://blog.didierstevens.com/?s=xorsearch

 

# ADVGVX

ciphertext only consists of these letters

 

# scrambler

if the algo is cyclic, keep running the ciphertext through the scramler until output makes sense