|
Search Results
|
| Post
[asc]
|
Author |
Forum |
Replies |
Views |
Posted |
| |
|
Thread: Unknown salt
Post: Unknown salt
| I have a bunch of MD5 hashes created with an algorithm md5(md5($pass).$salt) where $salt is an unknown 3-character string (different for each hash.)
It seems that there's a semi-undocumented mode -... |
|
mrfancypants |
hashcat
|
5 |
5,390 |
05-21-2017, 02:35 AM |
| |
|
Thread: Unknown salt
Post: RE: Unknown salt
| That would only work for a small number of hashes. Otherwise it'll slow down the attack a lot more than 95^3 (which is why I was hoping for an automated in-memory solution.)
Let's say I have a 100M w... |
|
mrfancypants |
hashcat
|
5 |
5,390 |
05-22-2017, 07:10 AM |
| |
|
Thread: Minimum investment on a descent rig for 16+ character NTLM passwords
Post: RE: Minimum investment on a descent rig for 16+ ch...
| For reference. I've just grabbed a list of 7500 NTLM hashes (which is what you'd dump from a SAM database) from another forum and hit it with my dictionaries using a NVIDIA GeForce 980 Ti.
It took ... |
|
mrfancypants |
Hardware
|
10 |
8,018 |
05-08-2018, 11:02 PM |
| |
|
Thread: Minimum investment on a descent rig for 16+ character NTLM passwords
Post: RE: Minimum investment on a descent rig for 16+ ch...
|
phildo Wrote: (05-08-2018, 11:52 PM)
--
(Sorry if this post is about to go off topic- but now I'm curious!)
Wait- how? Just to make sure- a dictionary is a list of password possibilities ("MyPa5... |
|
mrfancypants |
Hardware
|
10 |
8,018 |
05-09-2018, 12:47 AM |
| |
|
Thread: Mask starting with a dash
Post: RE: Mask starting with a dash
| But, as my examples show, hashcat won't honor any attempts to escape the leading dash. If I write '-?d' or \-?d instead of -?d, that $ or \ goes straight into the mask.
And besides, it should be ab... |
|
mrfancypants |
hashcat
|
4 |
3,490 |
05-08-2018, 07:03 PM |
| |
|
Thread: Mask starting with a dash
Post: RE: Mask starting with a dash
|
mrfancypants |
hashcat
|
4 |
3,490 |
05-08-2018, 07:59 PM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
| The following seems to be the format for most Ubee DVW326 routers (SSID DVW326.XXXXXX-2.4G):
-1 ?u?d -2 CDE ?2?H?14M1300?d?d?d?d |
|
mrfancypants |
User Contributions
|
182 |
305,384 |
04-23-2017, 01:38 PM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
| All models I see on eBay have serial numbers ending on 4M1300****. It is possible that models with SNs ending on 3V100**** (as in the example given by the manual) also exist. |
|
mrfancypants |
User Contributions
|
182 |
305,384 |
05-21-2017, 02:52 AM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
| ATTxxxxxxx's bug me, they are up to 20% of all my uncracked handshakes and they seem to be invulnerable to all attacks.
I've collected more passwords from eBay, with associated SSIDs, MACs, SNs and... |
|
mrfancypants |
User Contributions
|
182 |
305,384 |
06-05-2017, 12:06 AM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
| Meanwhile I spent an unproductive day trying to reverse engineer the router firmware. It is not uncommon that the WPA key is generated internally by the router from the serial number (https://www.usen... |
|
mrfancypants |
User Contributions
|
182 |
305,384 |
06-06-2017, 05:59 AM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
| Said the guy named "epixoip" |
|
mrfancypants |
User Contributions
|
182 |
305,384 |
06-06-2017, 07:20 PM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
|
soxrok2212 Wrote: (06-07-2017, 12:21 AM)
--
mrfancypants Wrote: (06-06-2017, 05:59 AM)
--
P.S. In case anyone ever wants to pick up where I left off, here are some pointers.
Firmwares are at http:/... |
|
mrfancypants |
User Contributions
|
182 |
305,384 |
06-09-2017, 10:56 PM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
|
soxrok2212 Wrote: (06-10-2017, 05:33 AM)
--
I grabbed a few copies before they were removed. Unfortunately I don't have much time to work with this, but where did you get the firmware? Btw, you can t... |
|
mrfancypants |
User Contributions
|
182 |
305,384 |
06-12-2017, 03:14 AM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
|
soxrok2212 Wrote: (06-17-2017, 05:13 PM)
--
I have the firmwares extracted and file systems mounted, but only /bin is populated. There are just common linux binaries. In the past, the only relevant b... |
|
mrfancypants |
User Contributions
|
182 |
305,384 |
06-19-2017, 11:36 PM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
|
fart-box Wrote: (06-20-2017, 10:12 PM)
--
I'm afraid I have to agree with Mrfancypants when he said "it looks like these routers come with the 10-char SSID and the non-alphanumeric password burned di... |
|
mrfancypants |
User Contributions
|
182 |
305,384 |
06-21-2017, 08:32 AM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
| I've finally worked out part of the algorithm for 589/599. Not enough to crack it (in fact, with what I worked out, it's totally possible that it's [effectively] uncrackable because they feed it from ... |
|
mrfancypants |
User Contributions
|
182 |
305,384 |
06-28-2017, 03:19 AM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
| AHA!
Code:
--
>>> def gen_599_pw(x):
... x=int(float(x*(2**32+2)))
... pw=''
... for n in range(0,12):
... rem=x%37
... pw=pw_charset[rem... |
|
mrfancypants |
User Contributions
|
182 |
305,384 |
06-30-2017, 12:01 AM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
|
fart-box Wrote: (06-29-2017, 09:24 PM)
--
I hope that you will explain this in great detail for the benefit of those of us who struggle with programing. I, for instance, got lost at your clue 'set bi... |
|
mrfancypants |
User Contributions
|
182 |
305,384 |
06-30-2017, 12:38 AM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
| That's Python (2.x) and no, you don't need an environment or an IDE, you can even do this
https://repl.it/JMbi/0
I go for MSVC++ for computationally expensive stuff, but, for basic analysis, command... |
|
mrfancypants |
User Contributions
|
182 |
305,384 |
07-04-2017, 08:51 AM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
|
fart-box Wrote: (07-05-2017, 12:21 AM)
--
Thank you, Mrfancypants! Maybe I'm getting too old for this, but Python never even crossed my mind for some reason. Less than a minute after booting up Linux... |
|
mrfancypants |
User Contributions
|
182 |
305,384 |
07-05-2017, 02:16 AM |
