how-to crack 43kk passwords while drinking your juice/smoozie in the hood
TRANSCRIPT
![Page 1: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/1.jpg)
Yurii Bilyk | 2016
How-to crack 43kk passwords while drinking your in the Hood
![Page 2: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/2.jpg)
WHO AM I
26 vs 27.5 vs 29
![Page 3: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/3.jpg)
TEAM
WE are Security Group WE are ALL Engineers (Almost;) WE are OWASP Lviv Chapter WE are Legio… oops
blog: http://owasp-lviv.blogspot.comskype: y.bilyk
![Page 4: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/4.jpg)
o But WHY??!!o Our CRACKING RIG o Different obvious methodso Not so obvious methodso Some interesting statistics
Agenda
![Page 5: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/5.jpg)
Tell Me WHY!?
what’s wrong with you?
![Page 6: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/6.jpg)
The Reason
Just for FUN
Good example of Open Source Intelligence
You can really test your skills in password cracking
![Page 7: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/7.jpg)
Some Info
LinkedIn DB contains 250 758 057 e-mails
Only 61 829 208 contains unique hashes
File size of all unique hashes is 2.5 GB
![Page 8: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/8.jpg)
Our CRACKING RIG
because we can
![Page 9: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/9.jpg)
P - Podgotovka
LinkedIn DB contains unsalted SHA-1 hashes
GPU should be best option for such type of hashes
Best tool for this case is HashCat
![Page 10: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/10.jpg)
![Page 11: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/11.jpg)
GTX 1080 SHA-1 Benchmark
8xGPU SHA-1 crack speed: 68 771.0 MH/s
8xCHARS password Z!sN0/7u: 95 symbols length alphabet6.70 X 1015 search space
1 days 3 hours 4 minutes 54 seconds to brute ALL combinations
![Page 12: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/12.jpg)
Question of Money
738x8 = 5904 $$$
![Page 13: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/13.jpg)
![Page 14: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/14.jpg)
Amazon K80 SHA-1 Benchmark
36xGPU SHA-1 crack speed: 75 200.0 MH/s
8xCHARS password Z!sN0/7u: 95 symbols length alphabet6.70 X 1015 search space
1 days 45 minutes 59 seconds to brute ALL combinations
![Page 15: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/15.jpg)
So You’ve said Amazon?
(14.4+14.4+7.2)x25 = 900 $$$
![Page 16: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/16.jpg)
![Page 17: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/17.jpg)
Rainbow Alternatives
1000 $$$
![Page 18: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/18.jpg)
RainBow Seek SHA-1 Benchmark
SHA-1 crack speed: 3 880 000.0 MH/s for 1 hash784 000.0 MH/s for 10 hashes
8xCHARS password Z!sN0/7u: 95 symbols length alphabet6.70 X 1015 search space
28 minutes <-> 2 hours 22 minutes to brute ALL combinations
![Page 19: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/19.jpg)
![Page 20: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/20.jpg)
Return to Reality
Intel Core i5-3570 @ 3.4GhzSHA-1 crack speed: ~120.0 MH/s
NVIDIA 750GT (Mobile):SHA-1 crack speed: ~120.0 MH/s
![Page 21: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/21.jpg)
1xi5-3570 SHA-1 Benchmark
SHA-1 crack speed: 120.0 MH/s
8xCHARS password Z!sN0/7u: 95 symbols length alphabet6.70 X 1015 search space
1 years 281 days 10 hours 30 minutes 48 seconds to brute ALL combinations
![Page 22: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/22.jpg)
Some OBVIOUS STEPS
let’s play
![Page 23: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/23.jpg)
Where to Start?
We used dictionary attack as the first attempt
You need good dictionary. We started with rockyou.txt
You need memory for your hashes. It could be problem for GPU
![Page 24: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/24.jpg)
So First Try
Cracked around 20% of all hashes (with rockyou.txt dictionary)
It took around 5 mins
And now you have to think what to do next
![Page 25: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/25.jpg)
We need moar dictionaries!
RockYou contains 14 344 391 words
We tried different dictionaries. The biggest was 1 212 356 398 words and 15 GB in size
All this gives us approx 35% of all hashes
![Page 26: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/26.jpg)
Let’s brute it!
We selected up to 6 char passwords with full set of characters
It took around 2 hours
All this gives us approx 45% of all hashes
![Page 27: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/27.jpg)
Magic of STATISTICS
new is well-forgotten old
![Page 28: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/28.jpg)
What we can do get moar?
HashCat has rules of transformationIt mutates original word
Quality of your dictionary is essential. Size doesn’t rly matters
Using rules is more time consuming than just dictionary attack
![Page 29: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/29.jpg)
What rules are effective?
We used best64, InsidePro-PasswordsPro and d3ad0ne rules
It was very effective in terms of number of hashes
All this gives us approx 60% of all hashes
![Page 30: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/30.jpg)
Time to go smarter way
We have 36 millions of cracked passwords
We can analyze cracked password to determine patters
This patterns can produce more efficient bruteforce masks
![Page 31: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/31.jpg)
Meet PACK Tool
http://thesprawl.org/projects/pack/
![Page 32: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/32.jpg)
PACK Tool Features
Can analyze list of password and generate bruteforce mask
You can specify password length, time, complexity constrains
Gives you some idea what type of passwords are popular
![Page 33: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/33.jpg)
Is PACK effective?
It can crack similar passwords according that you already have
You can flexibly choose best masks regarding constrains
All this gives us approx 65% of all hashes
![Page 34: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/34.jpg)
Other types of attacks
PRINCE attack, somehow similar to the using PACK tool + mutation
Combination of TWO and more dictionaries
Hybrid attack, that uses dictionaries + rules + bruteforce masks
![Page 35: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/35.jpg)
Some CHARTSIt’s easy
![Page 36: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/36.jpg)
Length of password (Our)
![Page 37: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/37.jpg)
Length of password (Korelogic)
![Page 38: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/38.jpg)
Character-set of password (Our)
![Page 39: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/39.jpg)
Most Popular Passwords (Korelogic)
![Page 40: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/40.jpg)
Mails (Korelogic)
![Page 41: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/41.jpg)
Base Words (Korelogic)
![Page 42: How-to crack 43kk passwords while drinking your juice/smoozie in the Hood](https://reader033.vdocuments.site/reader033/viewer/2022051123/5870e36d1a28abcf288b5373/html5/thumbnails/42.jpg)
Thank YOU!