Everything posted by Alias

  1. Well I wrote some code to generate the Rainbow tables, each entry uses 40 bytes total. 8 bytes for the unencrypted cc numbers, and 32 bytes for the sha256 hash. Working it out though, just generating for a single bank branch number it will take around 350GB of space.

     ```
     40b * 9999999999 = 399999999960b
     399999999960b / 1024 = 390624999.9609375k
     390624999.9609375k / 1024 = 381469.726524353M
     381469.726524353M / 1024 = 372.529029809G
     Total: 372.529029809 Gigabytes
     ```

     If you have any ideas of how to store the information in a smaller space, let me know. Not to mention compute time, it took me around a minute to get to 0.000255790000026%, then again my computer is fairly slow. You could try various options for speeding it up.

     • Rewrite in C or Assembly
     • Modify Pyrit to generate your hashes instead.

     The code below is fairly simple to use, I'm sure you can figure out how to use it on your own. I left implementing the searcher up to you. Although if you do need help, don't hesitate to ask.

     ```python
     #!/usr/bin/env python3
     # -*- coding: utf-8 -*-
     #
     #       rtgen.py
     #
     #       Copyright 2011 Alias <mali0037@gmail.com>
     #
     #       This program is free software; you can redistribute it and/or modify
     #       it under the terms of the GNU General Public License as published by
     #       the Free Software Foundation; either version 2 of the License, or
     #       (at your option) any later version.
     #
     #       This program is distributed in the hope that it will be useful,
     #       but WITHOUT ANY WARRANTY; without even the implied warranty of
     #       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     #       GNU General Public License for more details.
     #
     #       You should have received a copy of the GNU General Public License
     #       along with this program; if not, write to the Free Software
     #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
     #       MA 02110-1301, USA.
     #
     #

     # Perform imports
     import sys, hashlib, struct

     # Makes sure that the account number is always 10 digits
     def convertK(k):
         return str(k).zfill(10)

     # Generates the SHA256 hashes and writes to a file
     def genTable(bankNum):
         # Convert bankNum to a string
         bankNum_str = str(bankNum)
         # Open the file (closed automatically when the block exits)
         with open("bank" + bankNum_str + ".rt", "wb") as fp:
             # Main loop
             for k in range(9999999999):
                 # Concatenates the bank number and the account number
                 string = bankNum_str + convertK(k)
                 string_int = int(string)
                 # Convert the combined number to an 8-byte C integer
                 string_bytes = struct.pack('q', string_int)
                 # Hash the packed bytes with SHA-256
                 encryptedString = hashlib.sha256(string_bytes)
                 # Write everything to a file
                 fp.write(string_bytes)
                 fp.write(encryptedString.digest())
                 # Print the output (fraction scaled to an actual percentage)
                 if (k % 100) == 0:
                     percentage = k / 9999999999 * 100
                     print(string, ": ", encryptedString.hexdigest(), "\t", percentage, "% Complete", sep='')
         return 0

     def main():
         genTable(sys.argv[1])
         return 0

     if __name__ == '__main__':
         main()
     ```
  2. The number of unknowns you have is only 10 right? And assuming they are all numbers howsecureismypassword.net guesses that it would take a modern PC 40 seconds. If I get interested enough I may write some Python code to do it.
  3. Pyrit is Python based.
  4. While I love Pyrit and would use it for any WPA cracking I needed doing I have to admit it doesn't scale very well compared to Elcomsoft's products.
  5. Mmm, by no means do I know C, but it taught me about integers, the size of integers, etc. What happens with the computer at a low level. I love PHP as well, it's very clean, it gets hated on a lot for being slow, and it is but it's a fun language.
  6. I would definitely recommend learning a little bit of C as it gives you a good grasp of how the computer works with integers, floats, endianness etc. Then start learning Python. Although as both Jason and Infiltrator have said it really depends on what type of programming you're going to be doing. Python is a good all round language but if you're doing something algorithmic that needs to be completed FAST then choose C or even Assembly if you want to torture yourself.
  7. Yes but Pyrit (which is the main OpenCL based WPA cracking tool) does not support MPI. There was a patch floating around about a year ago that made pyrit support it, but I've looked for it everywhere and can't find it. If you do manage to find it please post it here.
  8. I use TuneUp Utilities which has lots of awesome features, such as defragging, however it also cleans the registry, performs visual and network optimisations and much, much more. If I were actually going to buy any defrag software, that would be the one I would buy.
  9. I would use Nginx instead of Apache. It's lighter than Apache and can do this sort of stuff really easily. Although it might be a bit of a challenge to convert your rulesets from Apache to Nginx, once you get the hang of it you really begin to realise the power that Nginx has. Once my server comes back online again I'll test this out for you but this is what I reckon you'll need to do what you need to do.

     ```nginx
     server {
         listen 1234;
         server_name _;
         access_log /var/log/nginx/domain2.com.access.log main;

         root /var/www/domain.com;
         index index.php index.html index.htm;

         # Some PHP support? Check these parameters.
         location ~ \.php$ {
             fastcgi_pass;  # FastCGI backend address goes here (not given in the post)
             fastcgi_index index.php;
             fastcgi_param SCRIPT_FILENAME /var/www/domain.com$fastcgi_script_name;
             include /etc/nginx/fastcgi_params;
         }
     }

     server {
         listen 80;
         # $1 captures the subdomain part of the requested host name
         server_name ~^(.*)\.domain\.com$;
         access_log /var/log/nginx/domain.com.access.log main;

         location / {
             proxy_pass http://domain.com:1234/$1;
         }
     }
     ```

     Note that you will have to have A records for each subdomain. An A record takes a human recognisable name and converts it into an IP Address. For example what you will need to setup is an A record for webhop.yourdomain.com, then Nginx will interpret that request at port 80, take the subdomain and then proxy_pass it to yourdomain.com:1234/webhop. Hopefully that should work (yeah right)
  10. Don't quote me on this one either but I thought that XTS was only for Disk encryption?
  11. If the implementations are both correct then both will be fine, however the cipher is not the only thing you need to worry about. The Block Cipher Mode of Operation is another thing you need to find out. For example if 7zip is using ECB (Electronic CodeBook) then you shouldn't use 7zip. Only use an encryption program that lets you choose the cipher mode. There is no most secure cipher mode but if you have a choice then use CBC (Cipher-block Chaining). If you want to see the difference then go here http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Electronic_codebook_.28ECB.29 and scroll down until you can see the images.
  12. I got my dad's old computer when I was 8. It was a Packard Bell with 660MHz Pentium III processor, 128MB RAM, 12GB Harddrive but its main feature was a 128-bit sound card :D It was running Win 98 SE when I got it but eventually I put XP on it. It still runs.
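The ECB versus CBC difference that the post above links to, as an added example that is not part of the original post. It uses a toy 16-byte Feistel cipher built on SHA-256 as a stand-in for AES (an assumption, since the Python standard library has no AES), and all names, the key, the IV and the sample data are constructed for the illustration.

```python
import hashlib

BLOCK = 16  # bytes per block, the same block size as AES


def _round(key: bytes, i: int, half: bytes) -> bytes:
    # Keyed round function: SHA-256 truncated to half a block.
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """4-round Feistel permutation. Illustration only, NOT a real cipher."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        mix = _round(key, i, right)
        left, right = right, bytes(a ^ b for a, b in zip(left, mix))
    return left + right


def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    # ECB: every block is encrypted on its own, so equal input blocks
    # always give equal output blocks.
    return b"".join(toy_encrypt_block(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))


def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    # CBC: XOR each plaintext block with the previous ciphertext block first.
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        mixed = bytes(a ^ b for a, b in zip(data[i:i + BLOCK], prev))
        prev = toy_encrypt_block(key, mixed)
        out.append(prev)
    return b"".join(out)


def distinct_blocks(ct: bytes) -> int:
    # Number of different block values in a byte string.
    return len({ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)})


# Constructed sample: 8 blocks, but only two different block values.
SAMPLE = (b"A" * BLOCK + b"B" * BLOCK) * 4
KEY = bytes(range(16))      # constructed key
IV = bytes(range(16, 32))   # constructed IV

if __name__ == "__main__":
    print("ECB distinct blocks:", distinct_blocks(ecb_encrypt(KEY, SAMPLE)))
    print("CBC distinct blocks:", distinct_blocks(cbc_encrypt(KEY, IV, SAMPLE)))
```

Under ECB the repeating structure of the plaintext survives in the ciphertext, which is what the images on the linked page show.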
  13. Welcome to the forums, nice to see some fellow Aussies on here. Also Swordfish is a great movie but about as inaccurate as it gets.
  14. The whole reason they got pwned was cause they screwed up their crypto. In the ECDSA functions instead of using a random number they used the same number. Which means with a bit of math you don't even need to brute force it, you can just figure out the keys. Fail Sony, just fail.
  15. You could try using interrupts which the Teensy does support but they are extremely, extremely complex to use. Not for the novice programmer although if you want to have a crack here is the documentation.
  16. I'd try and find something else that does the same job. Any program that uses RC4 should be upgraded as RC4 is broken.
  17. I can confirm this, I paid $0.01 for the first Humble Indie Bundle they did which was fantastic. This time round I think I'll pay a bit more though.
  18. That's actually a really good link although it doesn't explain the cryptography to the extent that it should. Still a good read though.
  19. The tool they are using is a fork of a tool called Low Orbit Ion Cannon (LOIC). The original version is on SourceForge (LOIC) but the version that they have edited is on GitHub (LOIC). They added a feature that allows LOIC to connect to an IRC channel which from there they can control LOIC. It's kind of like a voluntary botnet.
  20. Have you not seen Mission Impossible :P
  21. Hi Weka, I've actually been looking at doing the same thing as well. What I seem to have come across so far is that you can use a Mini-ITX board as your main router however have a normal DSL modem running in "Bridged Mode" or something like that. It's the mode where it will only decode the DSL stream and pass it down the line, once it reaches your router then it will be split up and sent to computers around the place. That means that you won't have to buy extra hardware for decoding the DSL stream as long as you already have a DSL modem, however if you want to get rid of the DSL modem as they are quite large and take up space, you can try this PCI card from Viking Industries, http://www.traverse.com.au/productview.php?product_id=115 It just plugs into a PCI slot on the motherboard (make sure you have enough slots) and then with a bit of configuration it is fairly trivial to get it working in Windows or Linux (probably Mac as well). The only problem is that it's quite expensive, around the $150 mark, but you have to admit it's a sexy piece of hardware.
  22. Personally I'm not a huge fan of Assange, I mean he used to be a pretty cool guy, Cryptographer, Hacker, he wrote the first port scanner etc. But right now he just seems like an arrogant prick. I am however a fan of Wikileaks, and I have submitted my server to them with a user account for the upload. I just have to hope that there isn't another local Linux exploit anytime soon :P With the US Government (and any other government that wants to stop this) issue, at current count there are over 300 mirrors already setup and this has only been going on for 24 hours. We aren't doing anything illegal here. If the US government goes in and illegally pulls down the mirrors then that will just support Wikileaks' cause. Same with Assange, he can't be touched at the moment for two reasons. Number one, he has that insurance file which may or may not be a bluff but nevertheless it's a risk the US government cannot take. Number two, if he was assassinated/went missing then he would be a martyr which the government does not want. In conclusion it's a very politically heavy issue....
  23. All of you with Unix based servers should set up a Wikileaks mass mirror. Details are here http://wikileaks.ch/mass-mirror.html
  24. Here we go, just a little something that does the trick. It reads from a file called "passwd" in the current directory. The formatting of the logins is "username:password", it will parse those and then put them into a dictionary. This has benefits because it will automatically expand to however many logins there are in the file. I also took out all of the lowering of strings, it's unnecessary and a security risk. I've also added some basic SHA encryption as well. An already SHA encrypted password is placed in the login file instead of a cleartext password. Then the program computes the SHA hash of the user given password. If the two of them match then the user is logged in. There might be a few bugs you run into, for example if the "username:password" string isn't formatted correctly in the password file you may have some problems. Overall it's fairly easy to follow but if you've got any questions just ask.

      Here's my passwd file. There are 2 users, a normal user and a guest user, the user Alias has a private password (:P) and the guest user has a password of "password"

      ```
      Alias:2dd00738ed848e5fad7070ef9104c62c2dfe82ab51e3ef6e1bb81bd4caecad63
      guest:5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
      ```

      ```python
      import hashlib as crypto

      username = ""
      password = ""
      login = "n"
      logins = dict()

      # Parse "username:sha256hex" lines from the passwd file into a dictionary
      with open("passwd", "r") as filePointer:
          for line in filePointer:
              line = line.strip("\n")
              loginInfo = line.split(":", 2)
              logins[loginInfo[0]] = loginInfo[1]

      while login == "n":
          print("Please enter your Username")
          username = input("> ")
          print("Please enter your Password")
          # Hash the entered password so it can be compared with the stored hash
          password = crypto.sha256(input("> ").encode()).hexdigest()
          # .get() avoids a KeyError when the username is not in the file
          if logins.get(username) == password:
              login = "y"
              print("Login Successful!")
          else:
              print("Login Failed\n")
      ```
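A hardened variant of the login check in the post above, as an added example that is not part of the original post: each password gets a random salt and is stretched with PBKDF2-HMAC-SHA256, malformed lines are skipped, and the comparison is constant-time. The four-field record format, the iteration count and all function names are assumptions made for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; tune to your hardware
SALT_LEN = 16


def make_record(username: str, password: str) -> str:
    """Build a passwd line: username:iterations:salt_hex:hash_hex."""
    salt = os.urandom(SALT_LEN)  # unique per user, so equal passwords differ
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{username}:{ITERATIONS}:{salt.hex()}:{digest.hex()}"


def load_records(lines):
    """Parse passwd lines, skipping malformed ones instead of crashing."""
    records = {}
    for line in lines:
        parts = line.strip().split(":")
        if len(parts) != 4:
            continue
        user, iters, salt_hex, hash_hex = parts
        try:
            records[user] = (int(iters), bytes.fromhex(salt_hex),
                             bytes.fromhex(hash_hex))
        except ValueError:
            continue
    return records


# Checked for unknown usernames so both paths do the same amount of work.
_DUMMY = (ITERATIONS, b"\x00" * SALT_LEN, b"\x00" * 32)


def verify(records, username: str, password: str) -> bool:
    iters, salt, expected = records.get(username, _DUMMY)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iters)
    # compare_digest does not stop at the first differing byte
    matches = hmac.compare_digest(candidate, expected)
    return matches and username in records


if __name__ == "__main__":
    # Constructed sample records; a real file would be read with open().
    sample = [make_record("guest", "password"), "not-a-valid-line"]
    recs = load_records(sample)
    print(verify(recs, "guest", "password"), verify(recs, "nobody", "password"))
```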