Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <4FD50EA1.9060401@atenlabs.com>
Date: Sun, 10 Jun 2012 14:16:17 -0700
From: Dan Tentler <dan@...nlabs.com>
To: john-users@...ts.openwall.com
Subject: Re: JtR to process the LinkedIn hash dump



On 6/10/12 2:01 PM, Brad Tilley wrote:

> Dan
>
> I can't speak about markov mode, I'm sure someone else will though.
>
> 200K is rather low. Are you sure you have the patch that supports the
> raw-sha1_li format? That's the first thing I would double check. Before
> applying that patch, I only cracked about 100K of the 'raw-sha1' format.
> Those hashes seem a bit tougher than the others. Also, be sure JtR is
> built with OpenMP so all of your cores will be in use.
I'll have to check on that to be certain, I cant remember if the box I'm
using has openMP on it or not. It may, but I didn't run john with
mpirun, so that may be affecting things..
Also, I went and fetched 1.7.9-jumbo5 - is the patch already in there or
do I need to apply it? I suppose I should just go and look properly :)

>
> In addition to the default JtR word list, skullsecurity.org has some nice
> word lists so does the insidepro website. I found the rockyou list to be
> very good against these. Once you've cracked enough, just keep recycling
> them. I cut the cracked passwords out of the pot file with awk like so:
Oh yes. Skullsecurity are my go-to guys for wordlists :)
Currently I have all their lists, and I cat them all together, remove
dupes, and I end up with something like 443 meg "massive.txt" file of
all of them. I haven't tried anything other than just hitting the leaked
list with john directly, so I'll try the wordlist next to see if
anything new turns up.
>
> awk -F : '{print $2}' your.pot > cracked.txt
>
> You can then insert, append, prepend, etc. into that wordlist. That's
> pretty productive as well. I also use the --frequent option in wm to
> identify the most common strings, then I append, prepend and insert those
> into cracked.txt. wm --replace works very well too. It replaces every
> character in the cracked password with a character from the specified
> charset.
Thats crafty! I'll do that as well!

>
> Combining all of these approaches along with common CV patterns is how
> I've done it so far. There's a lot of iteration involved and each
> subsequent one produces a bit less cracks. And when the results are too
> few, I start brute-forcing the six char space using at first lower letters
> and numbers, and gradually moving up from that.
>
> Also, I only used a CPU, no GPU.
>
> Hope this helps,

It totally helps! I owe you a beer! If you're at con this year, I'm
happy to share a pint!

-Dan

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.