Date: Sun, 10 Jun 2012 14:16:17 -0700
From: Dan Tentler <dan@...nlabs.com>
To: john-users@...ts.openwall.com
Subject: Re: JtR to process the LinkedIn hash dump



On 6/10/12 2:01 PM, Brad Tilley wrote:

> Dan
>
> I can't speak about markov mode, I'm sure someone else will though.
>
> 200K is rather low. Are you sure you have the patch that supports the
> raw-sha1_li format? That's the first thing I would double check. Before
> applying that patch, I only cracked about 100K of the 'raw-sha1' format.
> Those hashes seem a bit tougher than the others. Also, be sure JtR is
> built with OpenMP so all of your cores will be in use.
I'll have to check on that to be certain, I can't remember if the box I'm
using has OpenMP on it or not. It may, but I didn't run john with
mpirun, so that may be affecting things.
Also, I went and fetched 1.7.9-jumbo5 - is the patch already in there or
do I need to apply it? I suppose I should just go and look properly :)

>
> In addition to the default JtR word list, skullsecurity.org has some nice
> word lists, and so does the insidepro website. I found the rockyou list to be
> very good against these. Once you've cracked enough, just keep recycling
> them. I cut the cracked passwords out of the pot file with awk like so:
Oh yes. Skullsecurity are my go-to guys for wordlists :)
Currently I have all their lists, and I cat them all together, remove
dupes, and I end up with something like 443 meg "massive.txt" file of
all of them. I haven't tried anything other than just hitting the leaked
list with john directly, so I'll try the wordlist next to see if
anything new turns up.
>
> awk -F : '{print $2}' your.pot > cracked.txt
>
> You can then insert, append, prepend, etc. into that wordlist. That's
> pretty productive as well. I also use the --frequent option in wm to
> identify the most common strings, then I append, prepend and insert those
> into cracked.txt. wm --replace works very well too. It replaces every
> character in the cracked password with a character from the specified
> charset.
That's crafty! I'll do that as well!

>
> Combining all of these approaches along with common CV patterns is how
> I've done it so far. There's a lot of iteration involved and each
> subsequent one produces a bit less cracks. And when the results are too
> few, I start brute-forcing the six char space using at first lower letters
> and numbers, and gradually moving up from that.
>
> Also, I only used a CPU, no GPU.
>
> Hope this helps,

It totally helps! I owe you a beer! If you're at con this year, I'm
happy to share a pint!

-Dan
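
The pot-file extraction step quoted above, as an added example that is not part of the original thread: `awk -F : '{print $2}'` splits on every colon, so a cracked password that itself contains `:` is cut short. The function below splits each line at the first colon only and drops duplicates. The function names and the sample lines are made up for illustration, and it assumes the hash field contains no colon, as with the raw SHA-1 hashes discussed here.

```shell
#!/bin/sh
# Added example: print the plaintext column of a John the Ripper pot file.
# Pot lines are "hash:plaintext". Split at the FIRST colon only, so that
# plaintexts containing ':' survive intact, and drop duplicates while
# keeping first-seen order.
# Usage: pot_plaintexts your.pot > cracked.txt
pot_plaintexts() {
    awk '{
        i = index($0, ":")
        if (i == 0) next              # not a hash:plaintext line, skip it
        p = substr($0, i + 1)         # everything after the first colon
        if (p != "" && !seen[p]++) print p
    }' "$1"
}

# Constructed sample pot file (hash fields are placeholders, not real digests).
sample_pot() {
    printf '%s\n' \
        'HASH_PLACEHOLDER_1:linkedin1' \
        'HASH_PLACEHOLDER_2:pass:word' \
        'HASH_PLACEHOLDER_3:linkedin1' \
        'line-without-separator'
}
```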
