Posts posted by Alias

  1. Well I wrote some code to generate the Rainbow tables, each entry uses 40 bytes total. 8 bytes for the unencrypted cc numbers, and 32 bytes for the sha256 hash.

    Working it out though, just generating for a single bank branch number it will take around 350GB of space.

    40b * 9999999999 = 399999999960b

    399999999960b / 1024 = 390624999.9609375k

    390624999.9609375k / 1024 = 381469.726524353M

    381469.726524353M / 1024 = 372.529029809G

    Total: 372.529029809 Gigabytes

    If you have any ideas of how to store the information in a smaller space, let me know.

    Not to mention compute time, it took me around a minute to get to 0.000255790000026%, then again my computer is fairly slow.

    You could try various options for speeding it up.

    1. Rewrite in C or Assembly
    2. Modify Pyrit to generate your hashes instead.

    The code below is fairly simple to use, I'm sure you can figure out how to use it on your own. I left implementing the searcher up to you. Although if you do need help, don't hesitate to ask.

    #!/usr/bin/env python3
    # -*- coding: utf-8 -*-
    #
    #       rtgen.py
    #       
    #       Copyright 2011 Alias <mali0037@gmail.com>
    #       
    #       This program is free software; you can redistribute it and/or modify
    #       it under the terms of the GNU General Public License as published by
    #       the Free Software Foundation; either version 2 of the License, or
    #       (at your option) any later version.
    #       
    #       This program is distributed in the hope that it will be useful,
    #       but WITHOUT ANY WARRANTY; without even the implied warranty of
    #       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    #       GNU General Public License for more details.
    #       
    #       You should have received a copy of the GNU General Public License
    #       along with this program; if not, write to the Free Software
    #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
    #       MA 02110-1301, USA.
    #       
    #       
    
    # Perform imports
    import sys, hashlib, struct
    
    # Number of account numbers generated for one bank number
    TOTAL = 9999999999
    
    # Makes sure that the account number is always 10 digits, as a string
    def convertK(k):
    	return str(k).zfill(10)
    
    # Generates the SHA256 hashes and writes to a file
    def genTable(bankNum):
    	# Keep bankNum as a string so it can be concatenated
    	bankNum_str = str(bankNum)
    
    	# Open the file; the with block closes it when the loop ends or fails
    	with open("bank" + bankNum_str + ".rt", "wb") as fp:
    		# Main loop
    		for k in range(TOTAL):
    			# Concatenates the bank number and the account number
    			string = bankNum_str + convertK(k)
    
    			string_int = int(string)
    
    			# Convert the number to an 8-byte C integer (native byte order)
    			string_bytes = struct.pack('q', string_int)
    
    			# Hash the bytes
    			hashedString = hashlib.sha256(string_bytes)
    
    			# Write everything to a file
    			fp.write(string_bytes)
    			fp.write(hashedString.digest())
    
    			# Print the output every 100 entries
    			if((k % 100) == 0):
    				# Scale the fraction so the value really is a percentage
    				percentage = k / TOTAL * 100
    				print(string, ":  ", hashedString.hexdigest(), "\t", percentage, "% Complete", sep = '')
    
    	return 0
    
    def main():
    	genTable(sys.argv[1])
    
    	return 0
    
    
    if __name__ == '__main__':
    	main()
    
    

  2. The number of unknowns you have is only 10 right?

    And assuming they are all numbers howsecureismypassword.net guesses that it would take a modern PC 40 seconds.

    If I get interested enough I may write some Python code to do it.

  3. I'll be honest, I had trouble trying to learn C and still to this day, have no clue what I was doing. I only worked from examples and when I wanted to create something, googled for specific code chunks and modified to my liking. However, PHP is pretty easy to pick up. I am by no means an expert, but its code is elegant and straightforward, and similar to working with basic XHTML and JavaScript, while many people tell me it's like C+, I never get that feeling when working with it. I started with simple Windows BAT scripting and VBS files, HTML, then worked my way through Visual Basic 6 (which I still think is easier than .net crap of today's Visual Studio) and then up to more web stuff like PHP and JavaScript, a little Ajax here and there, but most Ajax stuff just makes calls to preexisting libraries like jQuery, MooTools, etc, where you link to something like Google's latest jQuery files or the jQuery site itself.

    Mmm, by no means do I know C, but it taught me about integers, the size of integers, etc. What happens with the computer at a low level.

    I love PHP as well, it's very clean, it gets hated on a lot for being slow, and it is but it's a fun language.

  4. I would definitely recommend learning a little bit of C as it gives you a good grasp of how the computer works with integers, floats, endianness etc. Then start learning Python. Although as both Jason and Infiltrator have said it really depends on what type of programming you're going to be doing.

    Python is a good all round language but if you're doing something algorithmic that needs to be completed FAST then choose C or even Assembly if you want to torture yourself.

  5. Way ahead of you man.... What you are looking to do is create a load balanced Linux cluster (Beowulf cluster). The best part about a Beowulf cluster is that you will not need them to be identical at all (hardware wise). They just need a form of UNIX like FreeBSD or Linux and create a cluster with SSH and OpenMPI. This is old technology but is still very much used in video rendering. With a combined Beowulf cluster you will be able to run numbers and words faster.

    Yes but Pyrit (which is the main OpenCL based WPA cracking tool) does not support MPI. There was a patch floating around about a year ago that made Pyrit support it, but I've looked for it everywhere and can't find it.

    If you do manage to find it please post it here.

  6. I really want to join this hacking challenge, but I don't want to provide any credit card details, during the registration process with GoToAssist.Com.

    Is there any other way around it?

    Agreed, that's the reason why I didn't participate in the challenge. I've got no problem downloading the client and using it even if it's just a form of advertising. Citrix are not getting my Credit Card details.

  7. I use TuneUp Utilities which has lots of awesome features, such as defragging, however it also cleans the registry, performs visual and network optimisations and much, much more.

    If I were actually going to buy any defrag software, that would be the one I would buy.

  8. I would use Nginx instead of Apache. It's lighter than Apache and can do this sort of stuff really easily. Although it might be a bit of a challenge to convert your rulesets from Apache to Nginx, once you get the hang of it you really begin to realise the power that Nginx has.

    Once my server comes back online again I'll test this out for you but this is what I reckon you'll need to do what you need to do.

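    server {
    
    	listen 1234;
    
    	server_name _;
    
    	access_log /var/log/nginx/domain2.com.access.log main;
    
    	root /var/www/domain.com;
    
    	index index.php index.html index.htm;
    
    	# Some PHP support? Check these parameters.
    	# The dot is escaped so that only names ending in ".php" match.
    	location ~ \.php$ {
    		fastcgi_pass 127.0.0.1:9000;
    		fastcgi_index index.php;
    		fastcgi_param SCRIPT_FILENAME /var/www/domain.com$fastcgi_script_name;
    		include /etc/nginx/fastcgi_params;
    	}
    }
    
    server {
    
    	listen 80;
    
    	# $1 captures the subdomain part of the Host header
    	server_name ~^(.*)\.domain\.com$ ;
    
    	access_log /var/log/nginx/domain.com.access.log main;
    
    	location / {
    		# proxy_pass takes a single URL argument.
    		# Because the URL contains a variable, nginx resolves domain.com
    		# at request time, which needs a resolver directive to be set.
    		proxy_pass http://domain.com:1234/$1;
    	}
    }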
    
    

    Note that you will have to have A records for each subdomain. An A record takes a human recognisable name and converts it into an IP address. For example what you will need to set up is an A record for webhop.yourdomain.com, then Nginx will interpret that request at port 80, take the subdomain and then proxy_pass it to yourdomain.com:1234/webhop.

    Hopefully that should work (yeah right)

  9. Don't quote me on this but according to TrueCrypt and other cryptography sites XTS mode is the best to use followed by CBC. Either way I don't trust zip file and encryption, it has been implemented badly before and I stick with TC as it is proven technology. I can't speak of 7-Zip but most of the time breaking zip files is rather easy but not sure if those were ciphered with AES-256 or that "zipcrypto" one. I have on many occasions recovered files from zip containers even when protected with a password (Windows default one; not even sure if they use encryption or not).

    Don't quote me on this one either but I thought that XTS was only for disk encryption?

  10. If the implementations are both correct then both will be fine, however the cipher is not the only thing you need to worry about. The Block Cipher Mode of Operation is another thing you need to find out. For example if 7zip is using ECB (Electronic CodeBook) then you shouldn't use 7zip.

    Only use an encryption program that lets you choose the cipher mode. There is no most secure cipher mode but if you have a choice then use CBC (Cipher-block Chaining).

    If you want to see the difference then go here http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Electronic_codebook_.28ECB.29 and scroll down until you can see the images.

  11. As Alias did, if you are trying to set up an authentication system with python, you should use hashlib so that if someone finds the file with the usernames and passwords, they can't just have instant access to your system. Here is a topic explaining it more in depth.

    intro to cryptography

    That's actually a really good link although it doesn't explain the cryptography to the extent that it should. Still a good read though.
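
One way to store passwords with hashlib for the authentication file discussed in the post above, as an added example that is not part of the original thread. The record format, the iteration count and the function names are assumptions made for illustration; the weak unsalted form is shown beside the salted, slow one.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumption: work factor, tune for your hardware

def unsalted_sha256(password: str) -> str:
    # Weak form: the same password always gives the same hash, so a
    # precomputed table of common passwords reverses it by lookup.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    # Stronger form: random per-user salt plus a deliberately slow KDF.
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password: str, record: str) -> bool:
    try:
        scheme, iterations, salt_hex, dk_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"),
            bytes.fromhex(salt_hex), int(iterations))
        expected = bytes.fromhex(dk_hex)
    except (ValueError, OverflowError):
        return False  # malformed record in the password file
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)

if __name__ == "__main__":
    # Constructed sample: two users who picked the same password.
    print(unsalted_sha256("hunter2") == unsalted_sha256("hunter2"))
    a, b = hash_password("hunter2"), hash_password("hunter2")
    print(a != b, verify_password("hunter2", a), verify_password("wrong", a))
```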

  12. The tool they are using is a fork of a tool called Low Orbit Ion Cannon (LOIC). The original version is on SourceForge LOIC but the version that they have edited is on GitHub LOIC. They added a feature that allows LOIC to connect to an IRC channel which from there they can control LOIC. It's kind of like a voluntary botnet.

  13. Hi Weka

    I've actually been looking at doing the same thing as well. What I seem to have come across so far is that you can use a Mini-ITX board as your main router however have a normal DSL modem running in "Bridged Mode" or something like that. It's the mode where it will only decode the DSL stream and pass it down the line, once it reaches your router then it will be split up and sent to computers around the place.

    That means that you won't have to buy extra hardware for decoding the DSL stream as long as you already have a DSL modem, however if you want to get rid of the DSL modem as they are quite large and take up space, you can try this PCI card from Viking Industries, http://www.traverse.com.au/productview.php?product_id=115

    It just plugs into a PCI slot on the motherboard (make sure you have enough slots) and then with a bit of configuration it is fairly trivial to get it working in Windows or Linux (probably Mac as well). The only problem is that it's quite expensive, around the $150 mark, but you have to admit it's a sexy piece of hardware.

  14. Personally I'm not a huge fan of Assange, I mean he used to be a pretty cool guy, Cryptographer, Hacker, he wrote the first port scanner etc. But right now he just seems like an arrogant prick. I am however a fan of Wikileaks, and I have submitted my server to them with a user account for the upload. I just have to hope that there isn't another local Linux exploit anytime soon :P

    With the US Government (and any other government that wants to stop this) issue, at current count there are over 300 mirrors already set up and this has only been going on for 24 hours. We aren't doing anything illegal here. If the US government goes in and illegally pulls down the mirrors then that will just support Wikileaks' cause.

    Same with Assange, he can't be touched at the moment for two reasons. Number one, he has that insurance file which may or may not be a bluff but nevertheless it's a risk the US government cannot take. Number two, if he was assassinated/went missing then he would be a martyr which the government does not want.

    In conclusion it's a very politically heavy issue....
