bruteforce

So I got bored this evening and decided to write a quick and simple python SSH bruteforcer (I wanted to learn how to use paramiko).

It takes the dictionary in a user:pass format.

It’s not the most efficient as it uses a sleep (300ms) function, if i get the time to play i’ll use some form of thread queuing to ensure that you can throttle the requests. Might also be… Continue reading

Quiet often people ask me to bruteforce a hash for them. My usual response after the obligatory; where did you get the hash from? is “I’ll run a few dictionaries against it unless you provide me with a charset and length!”

For those that don’t understand it needs to be made clear exactly what bruteforce cracking means.

Lets just say we have a four character pin that can only… Continue reading

So Linkedin hashes have recently been leaked onto the net, and plenty of people have been cracking them. Meanwhile eHarymony passwords were also leaked!

The hashes are here and a quick download is all thats needed. wget them to prevent your browser from trying to render the entire txt file!

Throwing a dictionary at it with 80,546,115 words in it results in 22% cracked passwords.

12345678910111213141516171819202122232425262728293031$ ./oclHashcat-plus64.bin eharmony.txt -r rules/best64.rule… Continue reading

So recently there has been lots of news about the linkedin password hashes being leaked which was finally confirmed on the linkedin blog.

Many of the hashes first 5 chars are obfuscated with zeros so it’s understood these are the passwords already cracked, presumably the simple ones?

1. There are 3,521,180 hashes that begin with 00000. I believe that these represent hashes that the hackers have already broken and… Continue reading

I have wrote an automated WPA cracking script (matts-wpacrack.sh). Let me know if you have any improvements.

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140#!/bin/bash # wpacrack.sh v.1.1 # Create by Matthew Phillips # New versions can be downloaded from www.phillips321.co.uk # VERSION="1.1" # This tool requires aircrack-ng tools to be installed and run as root # # ChangeLog.... # Version 1.1 - Randomises MAC Address on start # Version 1.0 - First Release ################################################################# # CHECKING… Continue reading