
Thread: How to break a unix or windows password with john

  1. #21
    Senior Member PrairieFire's Avatar
    Join Date
    Apr 2007
    Posts
    705

    Default

    Quote Originally Posted by guardianx View Post
    IF u have the hash file why not use plain-text.com it is a rainbow crack table. it should bust the pw in seconds..
    First, you do not always have the luxury of the Internet. Second, I doubt plain-text.com can crack anything, seeing as how it is a parked domain.... Finally, Plain-text and other online cracking sites cannot "bust in seconds" salted hashes, which are becoming more and more popular.
    Μολὼν λαβέ - Great spirits encounter heavy opposition from mediocre minds.

  2. #22
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    Default

    Well, that's true... salted passwords have really become popular, but like every security there's a way to break it (past, present or future...)

    Watch your back, your packetz will belong to me soon... xD

    BackTrack :
    Giving Machine Guns to Monkeys since 2006

  3. #23
    Junior Member NoobBiscUiT's Avatar
    Join Date
    Jun 2007
    Posts
    58

    Default

    ok i don't know if anybody here knows about hope-six,

    but it's a hacking/network security meeting that happens every year.
    (feel free to correct me)

    i downloaded all the audio from this years meeting, i'm hosting it on azureus right now but nobody wants it evidently..

    AAAAAAAAAnyway i heard that rainbow tables are becoming a thing of the past because of _________ <------- i'll get back to you

    and bruteforcing has too many tradeoffs with time and memory, specifically time. it takes too long sometimes.

    anyway this guy, one of the lecturers (i will edit this later when i boot windows and listen to it again) was talking about how he has just over 10 GB of all the possible password combinations and he can crack any password in less than a min, or even less than like 30 seconds a lot of the time.

    so basically, what are we going to do when every network security auditor/ enthusiast has 10 GB of password combinations to reference against and crack instantly?
    seems like it would make passwords ALMOST pointless eventually.

    does anybody know anything about this?
    where will we go from here is my question

  4. #24
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    CALCULATIONS FIXED

    10GB doesn't seem very realistic. I might believe that he gets something around 80% of passwords (lay person passwords) from a 10GB list but a full list of 8 char passwords would take up many TeraBytes.

    (^ = exponent or power of)

    26^8 = 208 827 064 576 Bytes
    = 194.485359 GB (GigaBytes)

    That ignores uppercase, numbers, special characters.

    52^8 = 5.34597285 × 10^13 (w/ uppercase)
    62^8 = 2.18340106 × 10^14 (w/ numbers)
    95^8 = 6.63420431 × 10^15 (w/ special chars [ascii 32-47, 58-64, 91-96, 123-126]) {6,178,584.24 GigaBytes}
    etc... (ascii 0-31 haven't been included)

    Edit: References to rainbow tables becoming obsolete are probably because of:
    http://forums.remote-exploit.org/showthread.php?t=9188
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
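The storage arithmetic debated in this thread, as an added example (not part of any post). It counts candidates as charset^length and then multiplies by bytes per entry; the assumptions are one byte per character, one newline per wordlist entry, no compression, and a raw 16-byte MD5 digest per lookup-table record.

```python
# Added example: how much disk an exhaustive password list needs.
# Assumptions: 1 byte per character, 1 newline per entry, no compression.
GIB = 2**30

def candidates(charset_size, length, up_to=False):
    """Count passwords of exactly `length` characters, or of 1..length if up_to."""
    lengths = range(1, length + 1) if up_to else (length,)
    return sum(charset_size**k for k in lengths)

def wordlist_bytes(charset_size, length, up_to=False):
    """Size of a plain wordlist: k characters plus a newline per candidate."""
    lengths = range(1, length + 1) if up_to else (length,)
    return sum(charset_size**k * (k + 1) for k in lengths)

def lookup_table_bytes(charset_size, length, digest_bytes=16):
    """Size of a digest->password table with fixed-width records
    (raw 16-byte MD5 digest + `length` bytes of padded plaintext)."""
    return candidates(charset_size, length, up_to=True) * (digest_bytes + length)

def coverage(budget_bytes, charset_size, length):
    """Fraction of the exact-length keyspace that fits in budget_bytes of wordlist."""
    entries = budget_bytes // (length + 1)
    return min(1.0, entries / candidates(charset_size, length))

CHARSETS = {"digits": 10, "lower": 26, "lower+upper": 52,
            "alnum": 62, "printable ASCII": 95}

def report(length=8, budget_bytes=10 * GIB):
    """One row per charset: name, candidate count, wordlist GiB, budget coverage."""
    rows = []
    for name, size in CHARSETS.items():
        rows.append((name, candidates(size, length),
                     wordlist_bytes(size, length) / GIB,
                     coverage(budget_bytes, size, length)))
    return rows

if __name__ == "__main__":
    for name, count, gib, cov in report():
        print(f"{name:16} {count:>22,} candidates {gib:>16,.1f} GiB "
              f"10 GiB covers {cov:.2e}")
    print(f"lower, 1..8 chars, MD5 lookup table: "
          f"{lookup_table_bytes(26, 8) / GIB:,.0f} GiB")
```

Each extra character multiplies every figure by the charset size, which is why password length moves these numbers far more than any realistic increase in disk space.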

  5. #25
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by thorin View Post
    10GB doesn't seem very realistic. I might believe that he gets something around 80% of passwords (lay person passwords) from a 10GB list but a full list of 8 char passwords would take up many TeraBytes.
    He heard it on the inturweb, so it must be true.

    Careful with this one though, he might smite thee with fireballs from his arse.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  6. #26
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Default

    I know that a NUMERIC wordlist I created ranging with ALL POSSIBLE COMBOS...from 0-9999999999 was like 9.30 GIGS by itself. Now that's just 10 digits!! Mix All alpha possibilities.... starting with a and ending in zzzzzzzzzz....that's 26 possibilities per character 26^10 power!!!..and that's gonna be MUCH MUCH more than 9.30 gigs!! And that's not counting Uppercase or a mix of them!!..Or more than a 10 character password!! Some passwords are longer than 20 characters!!

    Obviously this guy with his 10GB wordlist..is a moron.

    BTW...Anybody know off hand...what's the longest password you can have concerning WPA/WPA2???
    --=Xploitz=-- ®
    Remote-Exploit.orgs Master Tutorialist.™
    VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial" (http://forums.remote-exploit.org/showthread.php?t=9063)
    VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial" (http://forums.remote-exploit.org/showthread.php?t=7872)
    VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial" (http://forums.remote-exploit.org/showthread.php?t=8230)
    VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases" (http://forums.remote-exploit.org/showthread.php?t=8041)

  7. #27
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    ...that's 26 possibilities per character 26^10 power...
    Edit: See other posts.

  8. #28
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Default

    Quote Originally Posted by thorin View Post
    26 possibilities on 10 positions (10^26) not 10 possibilities on 26 positions (26^10).

    Google calc rules!

    Google conversions are cool too.
    You sure it's not...

    (26^10) bytes = 131472.103 gigabytes

    cause... ....

    (10^26) bytes = 9.31322575 × 10^16 gigabytes
    EQUALS...
    9.31322575 × 10^16 gigabytes = 9.24046617 terabytes



    doesn't sound right. ..........

    Because there are 26 possibilities per character..and that to the 10th power is
    (26^10) bytes = 131472.103 gigabytes


    I think I'm right.

    But then again..I am taking DMAT 0097 remedial college algebra!!

  9. #29
    Junior Member NoobBiscUiT's Avatar
    Join Date
    Jun 2007
    Posts
    58

    Default

    Quote Originally Posted by ZaTch View Post
    ok i don't know if anybody here knows about hope-six,

    but it's a hacking/network security meeting that happens every year.
    (feel free to correct me)

    i downloaded all the audio from this years meeting, i'm hosting it on azureus right now but nobody wants it evidently..

    AAAAAAAAAnyway i heard that rainbow tables are becoming a thing of the past because of _________ <------- i'll get back to you

    and bruteforcing has too many tradeoffs with time and memory, specifically time. it takes too long sometimes.

    anyway this guy, one of the lecturers (i will edit this later when i boot windows and listen to it again) was talking about how he has just over 10 GB of all the possible password combinations and he can crack any password in less than a min, or even less than like 30 seconds a lot of the time.

    so basically, what are we going to do when every network security auditor/ enthusiast has 10 GB of password combinations to reference against and crack instantly?
    seems like it would make passwords ALMOST pointless eventually.

    does anybody know anything about this?
    where will we go from here is my question

    -------------------------------------------------------------------------------------------------------

    ok this is the edit, i lied about some stuff but here's the gist of it..

    the guy's name is jason aridas, he is a security officer and works with hospitals and spends most of his time in research.

    the thing he was talking about was time-memory tradeoff, essentially he was giving up about 1.8 TB of storage for saving time in cracking passwords instantly.

    this is all based on a hash database system, he used md5lookup.
    he saved all password combinations up to 8 digits long to multiple hard-drives and brought them up when he was cracking.
    he can do 60 passwords in under a min. and 1 instantly.

    he said that rainbow tables are weak and inaccurate WHEN you are cracking A LOT of passwords.

    you save time by saving all these combinations to a hd or multiple hd's.
    this would really only be possible in a large security firm, unless you decided to collect hd's for a hobby.

    i just thought it was neat though.
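Why a precomputed hash database of the kind described above stops working once hashes are salted, as an added example (not part of any post and not the md5lookup tool itself). The salted scheme MD5(salt || password), the 3-character lowercase keyspace and the salt value are assumptions constructed for the demonstration.

```python
import hashlib
import itertools
import string

def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def build_lookup(charset: str, max_len: int) -> dict:
    """Precompute MD5(password) -> password for every password of 1..max_len chars."""
    table = {}
    for n in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=n):
            pw = "".join(combo)
            table[md5(pw.encode())] = pw
    return table

def stored_unsalted(password: str) -> bytes:
    """What a system keeps when it stores a bare MD5 of the password."""
    return md5(password.encode())

def stored_salted(password: str, salt: bytes) -> bytes:
    """Assumed salted scheme: MD5(salt || password), salt kept beside the digest."""
    return md5(salt + password.encode())

def tables_required(salt_bits: int) -> int:
    """A precomputed table is valid for one salt value only."""
    return 2 ** salt_bits

TABLE = build_lookup(string.ascii_lowercase, 3)   # 18,278 entries, tiny on purpose
SALT = bytes.fromhex("8f11a43c")                  # constructed 32-bit salt

def demo() -> dict:
    return {
        "entries": len(TABLE),
        "unsalted_hit": TABLE.get(stored_unsalted("cat")),     # found in the table
        "salted_hit": TABLE.get(stored_salted("cat", SALT)),   # not in the table
        "tables_for_32_bit_salt": tables_required(32),
    }

if __name__ == "__main__":
    print(demo())
```

A salt removes the benefit of precomputation but does not make each individual guess slower; that is the job of a deliberately slow password hash such as bcrypt, scrypt or Argon2.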

  10. #30
    Junior Member NoobBiscUiT's Avatar
    Join Date
    Jun 2007
    Posts
    58

    Default

    I'M SORRY I MISSED TWO ZEROS IT WAS ONE IN THE MORNING HERE!

    ha ha ha jk, see my previous post though
