|
Message-ID: <4FD50EA1.9060401@atenlabs.com> Date: Sun, 10 Jun 2012 14:16:17 -0700 From: Dan Tentler <dan@...nlabs.com> To: john-users@...ts.openwall.com Subject: Re: JtR to process the LinkedIn hash dump On 6/10/12 2:01 PM, Brad Tilley wrote: > Dan > > I can't speak about markov mode, I'm sure someone else will though. > > 200K is rather low. Are you sure you have the patch that supports the > raw-sha1_li format? That's the first thing I would double check. Before > applying that patch, I only cracked about 100K of the 'raw-sha1' format. > Those hashes seem a bit tougher than the others. Also, be sure JtR is > built with OpenMP so all of your cores will be in use. I'll have to check on that to be certain, I cant remember if the box I'm using has openMP on it or not. It may, but I didn't run john with mpirun, so that may be affecting things.. Also, I went and fetched 1.7.9-jumbo5 - is the patch already in there or do I need to apply it? I suppose I should just go and look properly :) > > In addition to the default JtR word list, skullsecurity.org has some nice > word lists so does the insidepro website. I found the rockyou list to be > very good against these. Once you've cracked enough, just keep recycling > them. I cut the cracked passwords out of the pot file with awk like so: Oh yes. Skullsecurity are my go-to guys for wordlists :) Currently I have all their lists, and I cat them all together, remove dupes, and I end up with something like 443 meg "massive.txt" file of all of them. I haven't tried anything other than just hitting the leaked list with john directly, so I'll try the wordlist next to see if anything new turns up. > > awk -F : '{print $2}' your.pot > cracked.txt > > You can then insert, append, prepend, etc. into that wordlist. That's > pretty productive as well. I also use the --frequent option in wm to > identify the most common strings, then I append, prepend and insert those > into cracked.txt. wm --replace works very well too. It replaces every > character in the cracked password with a character from the specified > charset. Thats crafty! I'll do that as well! > > Combining all of these approaches along with common CV patterns is how > I've done it so far. There's a lot of iteration involved and each > subsequent one produces a bit less cracks. And when the results are too > few, I start brute-forcing the six char space using at first lower letters > and numbers, and gradually moving up from that. > > Also, I only used a CPU, no GPU. > > Hope this helps, It totally helps! I owe you a beer! If you're at con this year, I'm happy to share a pint! -Dan
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.