Waraxe IT Security Portal

renaker · Active user

I am new to playing with hashes, but in the last week I've become extremely addicted. There is just something about attacking hashes that keeps me coming back to the comp. I am considering getting one of Nivida's graphics card to play with some of elcomsof's software and Extreme GPU Bruteforcer.

My real question is, does running 50 - 600 million p/s actually make a difference when truly bruteforcing? If I wanted to bruteforce a pass between 1 and 15 characters that used a full character set, something like this (regex): [a-zA-Z0-9 \!\@\#\$\%\^\&\*\_\-\=\|\+\;\:\'\"\,\.\<\.\>\/\?\`\~\\]

will I even be able to bruteforce it even with those incredible speeds? I lack the mind capacity to grasp the concept of 2^128 possible hashes. That sort of number just blows me away. I don't know if that would take 3 hours with a powerful gfx card, or 3 centuries. Your thoughts are greatly appreciated.

If there is success to be expected from one of these fine gfx cards, do any of you know what kind of results I could expect from any of the following NVIDIA gfx cards?

GeForce GTX 280,
NVIDIA GeForce 9800 GX2,
NVIDIA GeForce GTX 260,
NVIDIA GeForce 8800 Ultra,
or possibly a Quadro FX 5800 if It's available and I have the cash.

Also, if any of you know where I could find a really good wordlist I'd appreciate it. I truly thank anyone who took the time to read this.

renaker · Active user

Sorry for the double post, but I didn't feel like waiting. I'm no mathematician, but I think these numbers are pretty close. Please tell me if I'm wayyy off. I hope I am lol. Above, I wanted to brute a 15 character pass with a 90 character set. This is what bruting a 15 char pass looks like with those specifications. This does not include the buildup from 1 char pass to 2, then 3,4,5...etc. Just a 15 char pass, and I guestimated I could test 200 million passes per second with a decent card.

QWERTYUIOPLKJHGFDSAZXCVBNMqwertyuiopasdfghjklzxcvbnm1234567890!@#$%^&*()_-+={[}]:';"<>,.?/

----------------90^15 = all possible 15 character combos with a 90 char set.

90^15 = 2.05891132 × 10^29
205,891,132,000,000,000,000,000,000,000

----------------Total number of seconds to test all possible combos

1.02945566 × 10^21
1,029,455,660,000,000,000,000

----------------Total number of minutes

1.71575943 × 10^19
17,157,594,300,000,000,000

-----------------Total number of hours

2.85959905 × 10^17
285,959,905,000,000,000

----------------Total number of days

1.1914996 × 10^16
11,914,996,000,000,000

--------------Total number of years

3.26438247 × 10^13
32,643,824,700,000

------------------

yikes... I really hope I'm wrong. If I'm right, I don't understand the attraction to buying a nivida graphics card if these are the kind of results you get for the more complicated hashes. Even if you were bruting 1 billion combos a second, it'd still take 6,528,764,940,000 years. So if anybody has that awesome wordlist I've been looking for, I'm ready to resort to it.

EDIT: I redid the calculations for a 10 char pass at 200mil p/s with a 90 char set. Turns out that would only take 5,528 years. Now that's better than 32 trillion, but it won't satisfy me in my lifetime. I really hope I see the day of quantum computers. <3 Also, what am I missing? What are the hash wizards out there doing to get decent results? With a crap word list I've only had a 30% success rate doing simple dictionary attacks. What have you guys had the most success doing?

waraxe · Site admin

Bruteforce can't do miracles. Best option is to combine bruteforce, rainbow tables and various wordlist methods. In wich order to try them, what charsets and what length, hybrid wordlist algorithms, etc - all this come through experience. Right now i'm suggesting to buy as good GPU as you can, then get as good wordlists as you can and use hybrid dictionary method in passwordspro, this will improver your success rate.
And remember - password cracking is based mostly on human weaknesses, not on cryptographic weaknesses. You can break hashes, which are made from weak passwords. You can't break hashes of strong passwords with current (year 2008) hardware. Exception is, when cryptographic weaknesses are found in some algos Smile

renaker · Active user

Thanks waraxe. Could you possibly suggest some sources for decent wordlists? So far I've used various ones from these two pages. A lot of them look the same. Any help would be appreciated, thanks again for replying to my topics. :)

http://www.md5this.com/wordlists.html
http://www.insidepro.com/eng/download.shtml

waraxe · Site admin

Lot's of wordlists are available for download and easy to find via Google. But be aware, that many wordlists are actually worthless or just very bad quality. So choose wisely. And of course, if you wanna be serious in cracking bussiness, then you must find your favorite way to compile and sort your own words database. Delete all duplicates, remove too short and too long words, maybe split by word length, etc. My personal favorite method is php/mysql and i have millions of words in my database tables. Finally i'm exporting them to txt files and then use in PasswordsPro, Cain, JTR and other pass cracking utilities. So you see - wordlists handling and collecting can be kind of art or science, or hobby Smile

renaker · Active user

Well, I'm glad to hear you bring up php/mysql. Php is the only language I feel relaxed using. But I'm curious, how are gathering the words? Have you created some sort of generator? Or are you simply the admin of multiple sites that saves just the passwords from registrations and pass changes?

I wish there was a way to get a password dump from every facebook, myspace, and AOL account. Just the passes, not attached to any specific account. AND now I can tell I'm just fantasizing. lol.

If you don't mind telling me, and I hope I'm not intruding by asking this, but what sort of php jungle have you created? How are you accumulating these fabulous words?

waraxe · Site admin

Generator? No, no. That's pointless. What i'm collecting, is real words - char combinations - that have been used somewhere before. Wordlist generation is not better than bruteforce.
Now imagine, that you write little php script, that will fetch all flickr usernames. This information is not secret and process takes some time, maybe couple of hours. As result you have txt file. Next php script will analyze that text file, sort out useful words, sanitize them (remove and/or replace some chars). Finally script will first lookup any words presence in main database. If it's allready there, then ref counter is incremented. If it's not there, then next will be google search. Now all depends on result count. If that word is in use on many pages (treshhold can be configured), then this word will be inserted to database. Such google check will minimize spamword insertion possibilities.
And of course there are export scripts. You can write php script, that will fetch from database all words starting with "z" and with length 6-12 chars for example. Or you can write script, that makes some permutations and produces hybrid wordlist.

renaker · Active user

That's really is a sweet idea. My script isn't that great, but just to play around I made this:

I now understand why this won't solve life's problems, but it can help out just as much as some other decent dictionaries. (I'll weed out the bad chars later). Besides the script, I really like your idea of making word search scripts. That is really a great concept. But now, where to find the most password like words... hmmmmmm?....

( I understand this script sucks, I made it as fast as i could. I just wanted to toy with the concept. )

waraxe · Site admin

Try phpbb forum memberlists:

http://www.google.ee/search?hl=et&client=firefox-a&channel=s&rls=org.mozilla%3Aen-US%3Aofficial&hs=SBd&q=inurl%3Amemberlist.php+intitle%3Amemberlist+username+email&btnG=Otsi&lr=

It's amazing , how much info is available in web Smile

renaker · Active user

yes!!!

renaker · Active user

Thanks for that suggestion waraxe, would you like me to post my scripts as I go, or would you rather have me just keep them on my comp? I think there was something seriously flawed with the flickr script. The number count only goes up to 10,001(on the site) but there also appears to user titles in the urls as well. Besides the point, I have a basic php script that reads every username from a phpbb board and it converts them to lower case. Is this something I should post, or just let others figure out? Or have you already posted yours somewhere? Also, do you have any more suggestion as far as decent publicly available words go? If not, the phpbb script will keep me busy for quite some time ahhaha. Making these mini-scripts has been quite fun. Thanks for aiming me in the right direction. Smile

waraxe · Site admin

Try vbulletin members:

http://www.google.ee/search?client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&channel=s&hl=et&q=inurl%3Amemberlist.php+intitle%3A%22members+list%22&lr=&btnG=Google+otsing

Lot's of information Smile

And you can have huge list of working vbulletin communities, with thousands of pages filled with text in each of them. This can be useful.

And of course it's good, if you share your scripts with others. I'm sure, that many people will find them useful and interesting.

As for flickr - there are better methods for usernames crawling.

For example:

http://www.flickr.com/search/people/?q=a&page=100

It states, that here's > 110 000 names Smile