So Linkedin hashes have recently been leaked onto the net, and plenty of people have been cracking them. Meanwhile eHarymony passwords were also leaked!
The hashes are here and a quick download is all thats needed. wget them to prevent your browser from trying to render the entire txt file!
Throwing a dictionary at it with 80,546,115 words in it results in 22% cracked passwords.
12345678910111213141516171819202122232425262728293031$ ./oclHashcat-plus64.bin eharmony.txt -r rules/best64.rule… Continue readingSo recently there has been lots of news about the linkedin password hashes being leaked which was finally confirmed on the linkedin blog.
Many of the hashes first 5 chars are obfuscated with zeros so it’s understood these are the passwords already cracked, presumably the simple ones?
1. There are 3,521,180 hashes that begin with 00000. I believe that these represent hashes that the hackers have already broken and… Continue reading
So today oclHashcat-plus-0.08 was released by atom.
As I like to play with oclHashcat I thought it would be a good idea to update, but this also meant that I would have to update to the catalyst 12.04 drivers.
Before doing this it made sense to run a speed test using the scripts provided on thepasswordproject.com.
Before running these tests it’s important to ensure that your fans are… Continue reading
So you’ve got oclHashcat and you want to practice cracking hashes but you’ve got no hashes? Fear not! There are hashes listed below for you to play with or if you would like to generate hashes yourself download my perl module here and have a play with making them and then cracking yourself: svn checkout http://hashcat-passgen.googlecode.com/svn/trunk/ hashcat-passgen Direct link to code here. (Big thanks to atom at hashcat.net for giving… Continue reading
So I noticed whilst web app testing that would receive a cookie with a value called bIPs: 709aed354747fda133a5da28dbed60e7 95eb48ad7eae5c0aa9766f0258ae8a35
Looks like it’s using a big IP load balancer. I noticed it was MD5 and that was confirmed by finding the code that generates the hash(cheers scriptmonkey).
I decided to use Hashcat to do the bruteforcing. First thing that came to mind was how to use a dictionary containing… Continue reading