|
Search Results
|
| Post |
Author |
Forum
[desc]
|
Replies |
Views |
Posted |
| |
|
Thread: Minimum investment on a descent rig for 16+ character NTLM passwords
Post: RE: Minimum investment on a descent rig for 16+ ch...
| For reference. I've just grabbed a list of 7500 NTLM hashes (which is what you'd dump from a SAM database) from another forum and hit it with my dictionaries using a NVIDIA GeForce 980 Ti.
It took ... |
|
mrfancypants |
Hardware
|
10 |
8,015 |
05-08-2018, 11:02 PM |
| |
|
Thread: Minimum investment on a descent rig for 16+ character NTLM passwords
Post: RE: Minimum investment on a descent rig for 16+ ch...
|
phildo Wrote: (05-08-2018, 11:52 PM)
--
(Sorry if this post is about to go off topic- but now I'm curious!)
Wait- how? Just to make sure- a dictionary is a list of password possibilities ("MyPa5... |
|
mrfancypants |
Hardware
|
10 |
8,015 |
05-09-2018, 12:47 AM |
| |
|
Thread: Unknown salt
Post: Unknown salt
| I have a bunch of MD5 hashes created with an algorithm md5(md5($pass).$salt) where $salt is an unknown 3-character string (different for each hash.)
It seems that there's a semi-undocumented mode -... |
|
mrfancypants |
hashcat
|
5 |
5,390 |
05-21-2017, 02:35 AM |
| |
|
Thread: Unknown salt
Post: RE: Unknown salt
| That would only work for a small number of hashes. Otherwise it'll slow down the attack a lot more than 95^3 (which is why I was hoping for an automated in-memory solution.)
Let's say I have a 100M w... |
|
mrfancypants |
hashcat
|
5 |
5,390 |
05-22-2017, 07:10 AM |
| |
|
Thread: Mask starting with a dash
Post: RE: Mask starting with a dash
| But, as my examples show, hashcat won't honor any attempts to escape the leading dash. If I write '-?d' or \-?d instead of -?d, that $ or \ goes straight into the mask.
And besides, it should be ab... |
|
mrfancypants |
hashcat
|
4 |
3,490 |
05-08-2018, 07:03 PM |
| |
|
Thread: Mask starting with a dash
Post: RE: Mask starting with a dash
|
mrfancypants |
hashcat
|
4 |
3,490 |
05-08-2018, 07:59 PM |
| |
|
Thread: Mask starting with a dash
Post: Mask starting with a dash
| Looks like hashcat has a problem with masks that start with a dash:
Code:
--
e:\hashcat-4.1.0>hashcat64 -O -w 3 -m 0 -a 6 --gpu-temp-disable 66343_left.txt files -?d
hashcat64: unknown option -- ... |
|
mrfancypants |
hashcat
|
4 |
3,490 |
05-08-2018, 09:39 AM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
| The following seems to be the format for most Ubee DVW326 routers (SSID DVW326.XXXXXX-2.4G):
-1 ?u?d -2 CDE ?2?H?14M1300?d?d?d?d |
|
mrfancypants |
User Contributions
|
182 |
305,379 |
04-23-2017, 01:38 PM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
| All models I see on eBay have serial numbers ending on 4M1300****. It is possible that models with SNs ending on 3V100**** (as in the example given by the manual) also exist. |
|
mrfancypants |
User Contributions
|
182 |
305,379 |
05-21-2017, 02:52 AM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
| ATTxxxxxxx's bug me, they are up to 20% of all my uncracked handshakes and they seem to be invulnerable to all attacks.
I've collected more passwords from eBay, with associated SSIDs, MACs, SNs and... |
|
mrfancypants |
User Contributions
|
182 |
305,379 |
06-05-2017, 12:06 AM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
| Meanwhile I spent an unproductive day trying to reverse engineer the router firmware. It is not uncommon that the WPA key is generated internally by the router from the serial number (https://www.usen... |
|
mrfancypants |
User Contributions
|
182 |
305,379 |
06-06-2017, 05:59 AM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
| Said the guy named "epixoip" |
|
mrfancypants |
User Contributions
|
182 |
305,379 |
06-06-2017, 07:20 PM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
|
soxrok2212 Wrote: (06-07-2017, 12:21 AM)
--
mrfancypants Wrote: (06-06-2017, 05:59 AM)
--
P.S. In case anyone ever wants to pick up where I left off, here are some pointers.
Firmwares are at http:/... |
|
mrfancypants |
User Contributions
|
182 |
305,379 |
06-09-2017, 10:56 PM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
|
soxrok2212 Wrote: (06-10-2017, 05:33 AM)
--
I grabbed a few copies before they were removed. Unfortunately I don't have much time to work with this, but where did you get the firmware? Btw, you can t... |
|
mrfancypants |
User Contributions
|
182 |
305,379 |
06-12-2017, 03:14 AM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
|
soxrok2212 Wrote: (06-17-2017, 05:13 PM)
--
I have the firmwares extracted and file systems mounted, but only /bin is populated. There are just common linux binaries. In the past, the only relevant b... |
|
mrfancypants |
User Contributions
|
182 |
305,379 |
06-19-2017, 11:36 PM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
| Give me the first 8 letters of the key from your 589. |
|
mrfancypants |
User Contributions
|
182 |
305,379 |
07-10-2017, 12:07 AM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
| That's a 599-type password (my previous code snippet) (some 589s have these) and the complete password should be b=+#gc5qr9gt
https://repl.it/JMbi/4 |
|
mrfancypants |
User Contributions
|
182 |
305,379 |
07-10-2017, 02:37 AM |
| |
|
Thread: Hashcat WPA web UI
Post: RE: Hashcat WPA web UI
| It's similar, but much smaller and lighter (300 lines of code), with no dependencies other than python and hashcat, and aimed at Windows.
I'll take a look at yours. |
|
mrfancypants |
User Contributions
|
2 |
4,168 |
04-07-2018, 10:41 PM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
| Arris TG2472 routers
SSID: 6 hex upper (e.g 89ABCD)
Observed key formats:
?u?d,?1BULACC3?d?d?d?d?d
?u?d,?12ULAED3?d?d?d?d?d
?u?d,?12ULAEG3?d?d?d?d?d
?u?d,?1BUL7583?d?d?d?d?d
?u?d,?1BUL6463?... |
|
mrfancypants |
User Contributions
|
182 |
305,379 |
04-07-2018, 11:23 PM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
|
fart-box Wrote: (04-23-2018, 01:04 AM)
--
And one last thing regarding four alpha characters in a row... The last character in the password is added to the key, almost as an afterthought, at the end ... |
|
mrfancypants |
User Contributions
|
182 |
305,379 |
04-24-2018, 08:32 PM |
