Password Recovery
Gordon, Stanley 2016 / 8 / 25
Last Week Todo
- 于子軒 trace hashcat source code
- 翁子皓 write tool for analyzing the cracked password
Trace code
There are about 14000 code in main function
hashcat do nearly all things in one function
Lot's of config
-> compute
-> output
md5crypt is hard to accelerate
It's written in openCL
Amplifiers
what is amplifier - 1
In the real world, GPU cracking is slower than CPU, because it works too fast, computing device can't get enough work to do.
Generating candidates on host, then send it to computing device is still slow, cause the bottle neck is I/O, not compute power.
what is amplifier - 2
We accomplish this by splitting attacks up into two loops
- base loop
- The base loop is executed on the host and contains the initial password candidates.
- modifier loop <- This is amplifier
- The modifier loop is executed on the compute device, and generates the rest of the candidates from the initial candidates on the device directly
That's where our acceleration comes from
what is amplifier - 3
Straight mode
-
base loop
- words from the wordlist
-
modifier loop ( amplifier )
- rules are processed in the modifier loop
Hybrid modes
- base loop
- words from the wordlist
- modifier loop
- brute force mask
conclusion
I think we can test if our hardware has a huge computing power gap between CPU and GPUs.
Maybe the default amplifier that hashcat distribute for us is not sutiable for our system.
Anaylze Cracked Password
Survey
Statistics Will Crack Your Password
https://www.praetorian.com/blog/statistics-will-crack-your-password-mask-structure
Common Rules
https://github.com/praetorian-inc/Hob0Rules
Generate Wordlist
Hashcat Utils
A set of small utilities that are useful in advanced password cracking
Can be used to pre-generate wordlists
https://github.com/hashcat/hashcat-utils
Hashcat utils
examples:
- combinator
- cutb
- len
- splitlen
- ...
Use hashcat itself
$ hashcat <dictonary> <rules> --stdout
Run hashcat with --stdout
Hashcat will print out candidates instead of cracking the hashes
Save match rules
$ hashcat --debug-mode=1 --debug-file=match.rule
save the matched rules
then we can see which rule is used the most
$ cat match.rule | sort | uniq -c | sort -nr
Password Recovery
By Gordon Ueng
Password Recovery
- 503