Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <60378.108.4.184.109.1339362070.squirrel@webmail.tuffmail.net>
Date: Sun, 10 Jun 2012 17:01:10 -0400 (EDT)
From: "Brad Tilley" <brad@...ystems.com>
To: john-users@...ts.openwall.com
Subject: Re: JtR to process the LinkedIn hash dump

> Are you comfortable sharing some of your details about which wordlists
> and what markov settings you used?
> I've had JtR running against the list for two days now using pretty much
> nothing (./john filename.txt) .. and I'm at something like 200k cracked
> hashes. I'd love to 'improve my score' as it were, but I've never been
> able to get my head wrapped around how to properly use markov mode..
>
> -Dan

Dan

I can't speak about markov mode, I'm sure someone else will though.

200K is rather low. Are you sure you have the patch that supports the
raw-sha1_li format? That's the first thing I would double check. Before
applying that patch, I only cracked about 100K of the 'raw-sha1' format.
Those hashes seem a bit tougher than the others. Also, be sure JtR is
built with OpenMP so all of your cores will be in use.

In addition to the default JtR word list, skullsecurity.org has some nice
word lists so does the insidepro website. I found the rockyou list to be
very good against these. Once you've cracked enough, just keep recycling
them. I cut the cracked passwords out of the pot file with awk like so:

awk -F : '{print $2}' your.pot > cracked.txt

You can then insert, append, prepend, etc. into that wordlist. That's
pretty productive as well. I also use the --frequent option in wm to
identify the most common strings, then I append, prepend and insert those
into cracked.txt. wm --replace works very well too. It replaces every
character in the cracked password with a character from the specified
charset.

Combining all of these approaches along with common CV patterns is how
I've done it so far. There's a lot of iteration involved and each
subsequent one produces a bit less cracks. And when the results are too
few, I start brute-forcing the six char space using at first lower letters
and numbers, and gradually moving up from that.

Also, I only used a CPU, no GPU.

Hope this helps,

Brad

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.