Password Recovery

Gordon, Stanley 2016 / 8 / 25

Last Week Todo

  • 于子軒 trace hashcat source code
  • 翁子皓 write tool for analyzing the cracked password

Trace code

There are about 14000 lines of code in the main function

hashcat does nearly everything in one function

Lots of config

-> compute

-> output

md5crypt is hard to accelerate

It's written in OpenCL

Amplifiers

what is amplifier - 1

In the real world, GPU cracking is slower than CPU cracking, because the GPU works so fast that the compute device can't get enough work to do.

Generating candidates on the host and then sending them to the compute device is still slow, because the bottleneck is I/O, not compute power.

what is amplifier - 2

We accomplish this by splitting attacks up into two loops

  • base loop
    • The base loop is executed on the host and contains the initial password candidates.
  • modifier loop <- this is the amplifier
    • The modifier loop is executed on the compute device, and generates the rest of the candidates from the initial candidates directly on the device.

That's where our acceleration comes from

what is amplifier - 3

Straight mode

  • base loop
    • words from the wordlist
  • modifier loop ( amplifier )
    • rules are processed in the modifier loop

Hybrid modes

  • base loop
    • words from the wordlist
  • modifier loop
    • brute force mask
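
The two-loop split from the amplifier slides, as an added Python sketch (not hashcat's code and not part of the original deck). The wordlist, the rule list and all function names are constructed for illustration, only a small subset of hashcat rule functions is modelled, and the "device" is simulated on the CPU; the point is how few words cross the host-to-device link compared with the candidates produced.

```python
from itertools import product

# Constructed sample inputs (not from the slides).
WORDLIST = ["summer", "dragon", "letmein"]
RULES = [":", "u", "c", "$1", "c $1 $!", "r"]
DIGITS = "0123456789"  # charset of the ?d mask placeholder

# Subset of hashcat rule functions that take no argument.
SIMPLE = {":": lambda w: w, "l": str.lower, "u": str.upper,
          "c": str.capitalize, "r": lambda w: w[::-1]}

def apply_rule(rule, word):
    """Apply one rule line; functions are space-separated in this sketch."""
    for fn in rule.split():
        if fn in SIMPLE:
            word = SIMPLE[fn](word)
        elif len(fn) == 2 and fn[0] == "$":
            word = word + fn[1]        # $X: append character X
        elif len(fn) == 2 and fn[0] == "^":
            word = fn[1] + word        # ^X: prepend character X
        else:
            raise ValueError(f"unsupported rule function: {fn}")
    return word

def straight_mode(words, rules):
    """Base loop = wordlist (sent by host); modifier loop = rules (on device)."""
    sent, candidates = 0, []
    for word in words:                 # base loop: one host->device transfer
        sent += 1
        for rule in rules:             # modifier loop: the amplifier
            candidates.append(apply_rule(rule, word))
    return sent, candidates

def hybrid_mode(words, mask_len):
    """Base loop = wordlist; modifier loop = brute-force ?d mask appended."""
    sent, candidates = 0, []
    for word in words:                 # base loop
        sent += 1
        for suffix in product(DIGITS, repeat=mask_len):  # modifier loop
            candidates.append(word + "".join(suffix))
    return sent, candidates

def amplification(sent, candidates):
    """Candidates produced per word that crossed the host->device link."""
    return len(candidates) // sent

if __name__ == "__main__":
    for name, (sent, cands) in (("straight", straight_mode(WORDLIST, RULES)),
                                ("hybrid ?d?d", hybrid_mode(WORDLIST, 2))):
        print(name, "sent:", sent, "candidates:", len(cands),
              "amplification:", amplification(sent, cands))
```

A short rule list gives a small amplification factor, which is the situation the slides describe where the device cannot get enough work.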

 

conclusion

I think we can test if our hardware has a huge computing power gap between CPU and GPUs.

 

Maybe the default amplifier that hashcat distributes for us is not suitable for our system.

Analyze Cracked Password

Survey

Statistics Will Crack Your Password

https://www.praetorian.com/blog/statistics-will-crack-your-password-mask-structure

 

Common Rules

https://github.com/praetorian-inc/Hob0Rules

Generate Wordlist

Hashcat Utils

A set of small utilities that are useful in advanced password cracking

 

Can be used to pre-generate wordlists

 

https://github.com/hashcat/hashcat-utils

Hashcat utils

examples:

  • combinator
  • cutb
  • len
  • splitlen
  • ...

Use hashcat itself

$ hashcat <dictionary> -r <rules> --stdout

 

Run hashcat with --stdout

Hashcat will print out candidates instead of cracking the hashes

Save match rules

$ hashcat --debug-mode=1 --debug-file=match.rule

save the matched rules

then we can see which rule is used the most

 

$ cat match.rule | sort | uniq -c | sort -nr

Password Recovery

By Gordon Ueng
