hanshot1st Posted February 28, 2012 Posted February 28, 2012 Any suggestions where to look? (As long as it's under 100gb size not an issue) There are TONS of sites, but looking for good suggestions to eliminate sifting. Quote
digininja Posted February 28, 2012 Posted February 28, 2012 What are you looking to crack? I've moved away from rainbow tables and do most of my cracking using HashCat now. If you have a good dictionary and good GPUs you can crack a lot of stuff in not much time. Last week I did 28k of NTLM in a couple of minutes. Quote
hanshot1st Posted February 28, 2012 Author Posted February 28, 2012 Links to WHERE to download these lists would be a help. Looking to crack WPA/WPA2/WEP keys. Thank you for the ones listed. =) Quote
hanshot1st Posted February 29, 2012 Author Posted February 29, 2012 (edited) I don't use google due to privacy concerns, and as I stated above, I wanted to get suggestions from people who already knew good places to go. This keeps me from sifting thru BS sites that offer crap or have sub-par lists. I do appreciate the link just the same. ;) p.s. I do some of my posts thru friends' smartphones, so i don't always have the option/time to google/search things right away. Edited February 29, 2012 by hanshot1st Quote
digininja Posted February 29, 2012 Posted February 29, 2012 You are going to have a very hard time getting on in the security world if you refuse to use Google. Do you use other search engines or do you just ask other people to search for things for you? Quote
Infiltrator Posted February 29, 2012 Posted February 29, 2012 I wouldn't say Rainbow tables are dead, but I have to agree with Digininja on this one. Rainbows are pretty much ineffective once you go over a certain password length and the only true way to crack it, would be brute forcing it. Hashcat is certainly a tool that you should check out, including the Cuda multiforcer. If you have an Nvidia Cuda graphics card, give these tools a try. Quote
hanshot1st Posted February 29, 2012 Author Posted February 29, 2012 I use DuckDuckGo.com & startpage.com as they do not track. What is the function of HashCat? And do brute forcing attacks work more effectively? Quote
hanshot1st Posted February 29, 2012 Author Posted February 29, 2012 Thank you for the info. The reason for asking people like yourselves for information and suggestions is because when I want to get my car fixed I ask who my friends recommend instead of just opening the phonebook, and hoping the place I choose does a good job. I do use search engines, but it seems more logical to ask someone more knowledgeable for assistance first. Quote
digininja Posted February 29, 2012 Posted February 29, 2012 It is OK asking for people recommendations but you do need to put some effort in yourself. Someone recommended the Church of Wifi tables and you asked for links, searching gets you the links without needing to ask. Similarly, asking what is the function of Hashcat, google that and you'll easily find their homepage and loads of information on what it is and how it works. Quote
hanshot1st Posted March 1, 2012 Author Posted March 1, 2012 It is OK asking for people recommendations but you do need to put some effort in yourself. Someone recommended the Church of Wifi tables and you asked for links, searching gets you the links without needing to ask. Similarly, asking what is the function of Hashcat, google that and you'll easily find their homepage and loads of information on what it is and how it works. That's fair, i guess me asking is a symptom of lack of time to sift thru things on my own. I can't speak for everyone, but myself, i work 70 hours a week. So sometimes finding time to research things gets a bit hairy. =( I do appreciate everyone's input though. You're all very helpful. =) Quote
Infiltrator Posted March 1, 2012 Posted March 1, 2012 Not that I am trying to stick up for rainbow tables or anything but at a certain password length even brute forcing becomes ineffective. I know I know, you would get it eventually with brute force, but by the time the computer got it, you'd probably be dead as it would take a lifetime using machines like ours. Given if you had some mega computer, you might live to see the day but it's still ridiculous how long it takes. Of course, using a standard desktop computer would take you years. But if you could put a cluster of GPUs together, than you won't have to wait for years. On the other hand, we could always wait for the first quantum computer to be available. Quote
Infiltrator Posted March 7, 2012 Posted March 7, 2012 This is off topic but interesting enough since you mentioned quantum computing... http://www.msnbc.msn.com/id/46581073/ns/technology_and_science-innovation/ It seems that "they" are developing encryption based on quantum entanglement by sending light particles as keys. Quite a bit above my head when it comes to physics but interesting just the same. Very interesting article. Thanks for posting it. On the other hand, you should read this article on IBM quantum chip breakthrough. http://www.computerworld.com/s/article/9224670/IBM_touts_quantum_computing_breakthrough Quote
singh763173 Posted March 8, 2012 Posted March 8, 2012 I really want to play with gpu clusters and brute forcing! I keep hearing good things. Anyone want to share there hardware and software setups? :D Quote
digininja Posted March 9, 2012 Posted March 9, 2012 It all depends on budget, ATI cards are currently the best buys but when I bought my kit it was NVidia but both will work fine. The best guide for getting it all working in Linux is on the Hashcat site and Hashcat is the best tool to use so just follow their instructions and you will have a good start. Quote
Infiltrator Posted March 9, 2012 Posted March 9, 2012 I really want to play with gpu clusters and brute forcing! I keep hearing good things. Anyone want to share there hardware and software setups? :D For the hardware side of things, you can buy any of the GTX series graphics card from Nvidia. For the software side of things, you cold use the Cuda multiforcer, the hashcat and or the elcomsoft. On a side note, my preferred cracker would be the Cuda multiforcer it has support for multi-host so it can do parallel cracking, very handy if you have more than one system at home with Cuda graphics card enabled. Quote
singh763173 Posted March 9, 2012 Posted March 9, 2012 Cheers lads, I will be reading up on hashcat when I get in from work. I hae a few machines lying around which I can stick some cards in and start playing with. I'm assuming the cards will be doing all the work so I'm assuming CPU and ram requirements won't too high, right? Quote
digininja Posted March 9, 2012 Posted March 9, 2012 Hashcat it is very light on CPU and memory. Makes it quite weird, you can run an app in a text console and it is perfectly responsive but if you then try to change to a different desktop the process can take many seconds. Quote
Infiltrator Posted January 9, 2013 Posted January 9, 2013 Took a look at this article... Once quantum computing occurs, if it hasn't already in some deep corner of government, what do you think will happen to encryption and cracking? So you think it's just going to get exponentially larger to cope with the faster power? Or a new form of encryption all together? I am certain that once quantum computing has becomes a reality, the current encryption standard will become too weak to be relied upon, that a new form of encryption will need to be engineered. Quote
dienalls Posted January 11, 2013 Posted January 11, 2013 two factor authentication is already a must these days... Quote
oxley Posted January 13, 2013 Posted January 13, 2013 I have also gone away from rainbow tables. I used to use them for sha1 encrypted passwords in database tables, but managing 100GB+ is a pain in the butt. Most sysadmins will agree with how lazy users and admins become, so my dictionary files are about 10MB and using hashcats rules, I my reasonably successful but then you only need one... With WPA/WPA2 unless its a default SSID (and then most time the password will be default) rainbow tables are useless. Quote
digininja Posted January 13, 2013 Posted January 13, 2013 The smart money is back onto rainbow tables now for some stuff, see the work from Cryptohaze Quote
oxley Posted January 13, 2013 Posted January 13, 2013 (edited) I like the multiforcer, as it allows a per-position charset file, which means I can target the most common combinations first. I will be testing shortly and might make this my next step after hashcat has failed with my dictionary files. The client-server setup also has given me a woody, this is something I could never get pyrite to do successfully. But I could just hope for another application with a MySQL backend, with a blank root password and users passwords stored in clear text, and knowing users are lazy and use a similar password on other systems... Ah that was a good week. I'm still not convinced about the rainbow tables, as the time required to generate and space to store, my current cracking machine is a mini-ITX with an i5, 8GB, 60GB SSD and a high end ATI card in Lian-li TU200 case with handle is very portable, and cost effective. Edited January 14, 2013 by oxley Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.