eHarmony GPU hash cracking and pipal analysis

So LinkedIn hashes have recently been leaked onto the net, and plenty of people have been cracking them. Meanwhile eHarmony passwords were also leaked!

The hashes are here and a quick download is all that's needed. wget them to prevent your browser from trying to render the entire txt file!

Throwing a dictionary at it with 80,546,115 words in it results in 22% cracked passwords.

$ ./oclHashcat-plus64.bin eharmony.txt -r rules/best64.rule /wordlists/all -o eharmony_cracked.txt
oclHashcat-plus v0.08 by atom starting...
Hashes: 1513805
Unique digests: 1513805
Bitmaps: 21 bits, 1048576 entries, 0x000fffff mask, 4194304 bytes
Rules: 78
GPU-Loops: 128
GPU-Accel: 40
Password lengths range: 1 - 15
Platform: AMD compatible platform found
Watchdog: Temperature limit set to 90c
Device #1: Cayman, 2048MB, 0Mhz, 22MCU
Device #1: Allocating 132MB host-memory
Device #1: Kernel ./kernels/4098/m0000_a0.Cayman.64.kernel (1017600 bytes)
Scanning dictionary /wordlists/all: 1047584 bytes (0.11%), 95282 words, 743
Scanning dictionary /wordlists/all: 142470999 bytes (14.73%), 14334904 word
Scanning dictionary /wordlists/all: 774778437 bytes (80.13%), 70419646 word
Scanned dictionary /wordlists/all: 966941733 bytes, 80546115 words, 6282596970 keyspace, starting attack...
[s]tatus [p]ause [r]esume [q]uit =>
Status.......: Exhausted
Rules.Type...: File (rules/best64.rule)
Input.Mode...: File (/wordlists/all)
Hash.Target..: File (eharmony.txt)
Hash.Type....: MD5
Time.Running.: 1 min, 47 secs
Time.Left....: 0 secs
Time.Util....: 107586.1ms/8581.7ms Real/CPU, 8.7% idle
Speed........: 49834.4k c/s Real,   340.2M c/s GPU
Recovered....: 336064/1513805 Digests, 0/1 Salts
Progress.....: 6282596970/6282596970 (100.00%)
Rejected.....: 921106758/6282596970 (14.66%)
HW.Monitor.#1: 25% GPU, 47c Temp
Started: Fri Jun  8 17:05:58 2012
Stopped: Fri Jun  8 17:07:49 2012

From a quick look at the passwords being cracked, it looks as though they are all being converted to UPPERCASE before the MD5 hashing algorithm is applied:

a8c8b4a90fe6388ab0186cd91d9a3310:UDDUDD
2a79fe3deb34c778e8e314f7c0635e10:KLEMENTE
0a49a8273be7d92c430c94bb328b5f10:1ODONOVAN
2987d667ca22e84d938a76a4e225b410:DKADKA
77044ebe74a1164c392698919901be10:CASILLAS77
d73b2f64cc4c5b7f0ff0b4b567e2cc10:RSLARSLA
ed244698bd3b0dc29337e95cd502d310:VINSKY
dc8d30ee20d2efc2ac184c209709dd10:LINETA
94587c0c5a469a4c207d1ed35d12e910:BADGURL1
45331b07c71001234a40134745294911:TMATMA
b26cd6bfa5539103141a1ea5d91b4a11:C0L0MBIA
35463970c55f5a60a18bae9fa3724b11:WEBSTAR1
5faccfde0e3af22471822dcb8f3c4f11:KUSUMO
cf10578cf078d9995d79dd2144425111:KOTIKI
c4b6d73f5e120f9df38105d720b67411:BIMANN
15e78a2ae1141216487bcaeb51808711:GUEGUE
fb808931d19048b6bbdde175a3d18c11:GADOSKI
27de447ce1e241ec30e2aa02cb48a011:HEINI1
4ed25db987dd34c57e72715dec73c711:MAGODEOZ1
bae3b18c16de4c373c7653ebf9caf011:DRILLING12
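
The storage scheme this output points to (fold to upper case, then unsalted MD5, matching the `0/1 Salts` line in the status output) set beside a salted, iterated alternative. This is an added example, not code from the original post; the function names, the constructed sample passwords and the PBKDF2 parameters are assumptions.

```python
import hashlib
import hmac
import os

def legacy_hash(password: str) -> str:
    """Scheme the cracked output suggests: upper-case the input, then unsalted MD5."""
    return hashlib.md5(password.upper().encode("utf-8")).hexdigest()

def hardened_hash(password: str, salt: bytes = None, iterations: int = 600_000):
    """Per-user random salt plus an iterated KDF; the password's case is preserved."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest

def hardened_verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hardened_hash(password, salt)
    return hmac.compare_digest(digest, expected)

def compare_schemes():
    # Constructed sample passwords, not taken from the leak.
    chosen, wrong_case = "Summer2012", "summer2012"

    # Two different users who happen to pick the same password.
    legacy_user1, legacy_user2 = legacy_hash(chosen), legacy_hash(chosen)
    salt1, rec1 = hardened_hash(chosen)
    salt2, rec2 = hardened_hash(chosen)

    return {
        # Case folding: distinct passwords collapse onto one digest,
        # so the search space is upper case + digits only.
        "legacy_case_collision": legacy_hash(chosen) == legacy_hash(wrong_case),
        # No salt: identical passwords share a digest, so one guess is
        # tested against every stored hash at once.
        "legacy_shared_digest": legacy_user1 == legacy_user2,
        # Salted: the same password yields unrelated records per user.
        "hardened_shared_digest": rec1 == rec2,
        "hardened_accepts_correct": hardened_verify(chosen, salt1, rec1),
        "hardened_accepts_wrong_case": hardened_verify(wrong_case, salt1, rec1),
    }

if __name__ == "__main__":
    for name, value in compare_schemes().items():
        print(f"{name}: {value}")
```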

Using this I’m going to attempt a brute-force attack of up to 8 characters using UPPERCASE and digits to see how well it does (minimum password length of 5 chars). We’ll need to run the brute force for each length 5-8, so we’ll do the following:

  • -1 ?u?d ?1?1?1?1?1 (5 chars)
  • -1 ?u?d ?1?1?1?1?1?1 (6 chars)
  • -1 ?u?d ?1?1?1?1?1?1?1 (7 chars)
  • -1 ?u?d ?1?1?1?1?1?1?1?1 (8 chars)

The 8 char length took 51 minutes on my PC (I left the GPU at no more than 90% so that the PC was still usable).

---------- 5 char ---------
Status.......: Exhausted
Input.Mode...: Mask (?1?1?1?1?1)
Hash.Target..: File (eharmony.txt)
Hash.Type....: MD5
Time.Running.: 13 secs
Time.Left....: 0 secs
Time.Util....: 13013.2ms/14.4ms Real/CPU, 0.1% idle
Speed........:  4646.5k c/s Real,  4886.3k c/s GPU
Recovered....: 46587/1513805 Digests, 0/1 Salts
Progress.....: 60466176/60466176 (100.00%)
Rejected.....: 0/60466176 (0.00%)
HW.Monitor.#1: 16% GPU, 48c Temp
---------- 6 char ---------
Status.......: Exhausted
Input.Mode...: Mask (?1?1?1?1?1?1)
Hash.Target..: File (eharmony.txt)
Hash.Type....: MD5
Time.Running.: 1 min, 11 secs
Time.Left....: 0 secs
Time.Util....: 71149.9ms/13.4ms Real/CPU, 0.0% idle
Speed........: 30594.3k c/s Real, 17782.3k c/s GPU
Recovered....: 253159/1513805 Digests, 0/1 Salts
Progress.....: 2176782336/2176782336 (100.00%)
Rejected.....: 0/2176782336 (0.00%)
HW.Monitor.#1:  0% GPU, 48c Temp
---------- 7 char ---------
Status.......: Exhausted
Input.Mode...: Mask (?1?1?1?1?1?1?1)
Hash.Target..: File (eharmony.txt)
Hash.Type....: MD5
Time.Running.: 3 mins, 41 secs
Time.Left....: 0 secs
Time.Util....: 221940.9ms/13.9ms Real/CPU, 0.0% idle
Speed........:   353.1M c/s Real,   286.8M c/s GPU
Recovered....: 279715/1513805 Digests, 0/1 Salts
Progress.....: 78364164096/78364164096 (100.00%)
Rejected.....: 0/78364164096 (0.00%)
HW.Monitor.#1: 33% GPU, 52c Temp
---------- 8 char ---------
Status.......: Exhausted
Input.Mode...: Mask (?1?1?1?1?1?1?1?1)
Hash.Target..: File (eharmony.txt)
Hash.Type....: MD5
Time.Running.: 51 mins, 55 secs
Time.Left....: 0 secs
Time.Util....: 3115494.9ms/488.0ms Real/CPU, 0.0% idle
Speed........:   905.5M c/s Real,   453.2M c/s GPU
Recovered....: 251261/1513805 Digests, 0/1 Salts
Progress.....: 2821109907456/2821109907456 (100.00%)
Rejected.....: 0/2821109907456 (0.00%)
HW.Monitor.#1: 38% GPU, 57c Temp

Combined, that’s 830722 (54% of the hashes):

$ wc -l eharmony_cracked_brute.txt
830722 eharmony_cracked_brute.txt

Combining this with the wordlist attempt and removing the duplicates gives us 919326 cracked passwords; that’s 60%.

Maybe more time, more GPUs and including special characters (?u?d?s) would get me further? I don't think running it for 5 days would do me much good in the electricity and heat department!

Status.......: Running
Input.Mode...: Mask (?1?1?1?1?1?1?1?1)
Hash.Target..: File (eharmony.txt)
Hash.Type....: MD5
Time.Running.: 8 secs
Time.Left....: 5 days, 10 hours
Time.Util....: 8851.9ms/0.0ms Real/CPU, 0.0% idle
Speed........:  1097.8M c/s Real,  1126.6M c/s GPU
Recovered....: 128/1513805 Digests, 0/1 Salts
Progress.....: 9717678080/513798374428641 (0.00%)
Rejected.....: 0/9717678080 (0.00%)
HW.Monitor.#1: 91% GPU, 50c Temp
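
The `Progress` totals and run times in the status output above follow directly from the masks, which is also how a defender can size what a password policy is worth against this hardware. The calculator below is an added example, not part of the original post or of hashcat; the function names are assumptions, and the charset sizes and rates are the ones implied by the figures above.

```python
import re

# Sizes of hashcat's built-in charsets (?s is the 33 printable ASCII symbols,
# which is what makes ?u?d?s come to 69 and match the Progress total above).
BUILTIN = {"l": 26, "u": 26, "d": 10, "s": 33, "a": 95}

def _tokens(text):
    # "?x" is a charset reference; any other single character is a literal.
    return re.findall(r"\?.|.", text)

def charset_size(spec):
    """Size of a custom charset such as '?u?d' (assumes no overlapping members)."""
    return sum(1 if len(t) == 1 or t == "??" else BUILTIN[t[1]] for t in _tokens(spec))

def mask_keyspace(mask, custom=None):
    """Number of candidates a mask generates; custom maps '1'..'4' to a charset spec."""
    custom = custom or {}
    total = 1
    for t in _tokens(mask):
        if len(t) == 1 or t == "??":
            continue  # literal position contributes a factor of 1
        name = t[1]
        total *= charset_size(custom[name]) if name in custom else BUILTIN[name]
    return total

def seconds_to_exhaust(keyspace, guesses_per_second):
    """Whole seconds needed to try every candidate at a fixed rate."""
    return int(keyspace / guesses_per_second)

def policy_comparison(length=8):
    """Keyspace for the charsets discussed in the post, plus a case-preserving one."""
    sets = {
        "upper+digit (case folded)": "?u?d",
        "lower+upper+digit": "?l?u?d",
        "upper+digit+symbol": "?u?d?s",
    }
    return {label: mask_keyspace("?1" * length, {"1": spec}) for label, spec in sets.items()}

if __name__ == "__main__":
    for n in range(5, 9):
        print(n, mask_keyspace("?1" * n, {"1": "?u?d"}))
    for label, size in policy_comparison().items():
        print(f"{label}: {size}")
    # Rates taken from the Speed lines above (905.5M c/s and 1097.8M c/s).
    print(seconds_to_exhaust(mask_keyspace("?1" * 8, {"1": "?u?d"}), 905.5e6), "seconds")
    print(seconds_to_exhaust(mask_keyspace("?1" * 8, {"1": "?u?d?s"}), 1097.8e6), "seconds")
```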

I thought it would make sense to run pipal (by digininja) against it, especially for some more info into the masks to use.

Total entries = 919325
Total unique entries = 919325

Top 10 passwords
JDKING7 = 1 (0.0%)
DIGFAST = 1 (0.0%)
EP65KZ = 1 (0.0%)
ZEN1964 = 1 (0.0%)
IDNASG = 1 (0.0%)
SIDDIPET = 1 (0.0%)
JCSLIGHT = 1 (0.0%)
CATSGOT = 1 (0.0%)
OCIMAFAN = 1 (0.0%)
ACAASA = 1 (0.0%)

Top 10 base words
lisa = 246 (0.03%)
tina = 190 (0.02%)
eric = 175 (0.02%)
usmc = 169 (0.02%)
mama = 160 (0.02%)
nana = 156 (0.02%)
barb = 152 (0.02%)
emma = 150 (0.02%)
lola = 143 (0.02%)
diva = 139 (0.02%)

Password length (length ordered)
5 = 46600 (5.07%)
6 = 253175 (27.54%)
7 = 279736 (30.43%)
8 = 251294 (27.33%)
9 = 37970 (4.13%)
10 = 27265 (2.97%)
11 = 11438 (1.24%)
12 = 6525 (0.71%)
13 = 3315 (0.36%)
14 = 1885 (0.21%)
15 = 133 (0.01%)

Password length (count ordered)
7 = 279736 (30.43%)
6 = 253175 (27.54%)
8 = 251294 (27.33%)
5 = 46600 (5.07%)
9 = 37970 (4.13%)
10 = 27265 (2.97%)
11 = 11438 (1.24%)
12 = 6525 (0.71%)
13 = 3315 (0.36%)
14 = 1885 (0.21%)
15 = 133 (0.01%)

       |                                                                
      |||                                                              
      |||                                                              
      |||                                                              
      |||                                                              
      |||                                                              
      |||                                                              
      |||                                                              
      |||                                                              
      |||                                                              
      |||                                                              
      |||                                                              
      |||                                                              
     |||||                                                              
     ||||||                                                            
||||||||||||||||                                                        
0000000000111111
0123456789012345

One to six characters = 299773 (32.61%)
One to eight characters = 830801 (90.37%)
More than eight characters = 88524 (9.63%)

Only lowercase alpha = 0 (0.0%)
Only uppercase alpha = 382609 (41.62%)
Only alpha = 382609 (41.62%)
Only numeric = 1242 (0.14%)

First capital last symbol = 18 (0.0%)
First capital last number = 410160 (44.62%)

Months
january = 9 (0.0%)
february = 1 (0.0%)
march = 119 (0.01%)
april = 121 (0.01%)
may = 1910 (0.21%)
june = 234 (0.03%)
july = 173 (0.02%)
august = 30 (0.0%)
september = 4 (0.0%)
october = 17 (0.0%)
november = 17 (0.0%)
december = 16 (0.0%)

Days
monday = 5 (0.0%)
tuesday = 2 (0.0%)
thursday = 1 (0.0%)
friday = 9 (0.0%)
saturday = 2 (0.0%)
sunday = 7 (0.0%)

Months (Abreviated)
jan = 2333 (0.25%)
feb = 413 (0.04%)
mar = 6972 (0.76%)
apr = 532 (0.06%)
may = 1910 (0.21%)
jun = 1037 (0.11%)
jul = 840 (0.09%)
aug = 660 (0.07%)
sept = 104 (0.01%)
oct = 518 (0.06%)
nov = 849 (0.09%)
dec = 829 (0.09%)

Days (Abreviated)
mon = 3681 (0.4%)
tues = 12 (0.0%)
wed = 254 (0.03%)
thurs = 6 (0.0%)
fri = 571 (0.06%)
sat = 722 (0.08%)
sun = 1294 (0.14%)

Includes years
1975 = 450 (0.05%)
1976 = 451 (0.05%)
1977 = 480 (0.05%)
1978 = 487 (0.05%)
1979 = 483 (0.05%)
1980 = 561 (0.06%)
1981 = 502 (0.05%)
1982 = 507 (0.06%)
1983 = 552 (0.06%)
1984 = 599 (0.07%)
1985 = 516 (0.06%)
1986 = 502 (0.05%)
1987 = 514 (0.06%)
1988 = 437 (0.05%)
1989 = 459 (0.05%)
1990 = 359 (0.04%)
1991 = 322 (0.04%)
1992 = 269 (0.03%)
1993 = 206 (0.02%)
1994 = 216 (0.02%)
1995 = 270 (0.03%)
1996 = 241 (0.03%)
1997 = 242 (0.03%)
1998 = 302 (0.03%)
1999 = 347 (0.04%)
2000 = 915 (0.1%)
2001 = 544 (0.06%)
2002 = 505 (0.05%)
2003 = 522 (0.06%)
2004 = 605 (0.07%)
2005 = 722 (0.08%)
2006 = 848 (0.09%)
2007 = 856 (0.09%)
2008 = 900 (0.1%)
2009 = 763 (0.08%)
2010 = 552 (0.06%)
2011 = 129 (0.01%)
2012 = 142 (0.02%)
2013 = 65 (0.01%)
2014 = 39 (0.0%)
2015 = 42 (0.0%)
2016 = 39 (0.0%)
2017 = 33 (0.0%)
2018 = 37 (0.0%)
2019 = 42 (0.0%)
2020 = 251 (0.03%)

Years (Top 10)
2000 = 915 (0.1%)
2008 = 900 (0.1%)
2007 = 856 (0.09%)
2006 = 848 (0.09%)
2009 = 763 (0.08%)
2005 = 722 (0.08%)
2004 = 605 (0.07%)
1984 = 599 (0.07%)
1980 = 561 (0.06%)
1983 = 552 (0.06%)

Single digit on the end = 85199 (9.27%)
Two digits on the end = 121769 (13.25%)
Three digits on the end = 64658 (7.03%)

Last number
0 = 37103 (4.04%)
1 = 78555 (8.54%)
2 = 47467 (5.16%)
3 = 47703 (5.19%)
4 = 35107 (3.82%)
5 = 36429 (3.96%)
6 = 32691 (3.56%)
7 = 38031 (4.14%)
8 = 33141 (3.6%)
9 = 36991 (4.02%)

 |                                                                      
 |                                                                      
 |                                                                      
 |                                                                      
 |                                                                      
 |                                                                      
 |||                                                                    
 |||                                                                    
|||||| | |                                                              
||||||||||                                                              
||||||||||                                                              
||||||||||                                                              
||||||||||                                                              
||||||||||                                                              
||||||||||                                                              
||||||||||                                                              
0123456789

Last digit
1 = 78555 (8.54%)
3 = 47703 (5.19%)
2 = 47467 (5.16%)
7 = 38031 (4.14%)
0 = 37103 (4.04%)
9 = 36991 (4.02%)
5 = 36429 (3.96%)
4 = 35107 (3.82%)
8 = 33141 (3.6%)
6 = 32691 (3.56%)

Last 2 digits (Top 10)
23 = 12432 (1.35%)
12 = 9446 (1.03%)
11 = 8886 (0.97%)
01 = 8687 (0.94%)
00 = 7434 (0.81%)
22 = 6963 (0.76%)
21 = 6915 (0.75%)
13 = 6713 (0.73%)
69 = 6580 (0.72%)
07 = 5889 (0.64%)

Last 3 digits (Top 10)
123 = 6754 (0.73%)
007 = 1923 (0.21%)
000 = 1840 (0.2%)
234 = 1733 (0.19%)
101 = 1298 (0.14%)
777 = 1297 (0.14%)
001 = 1282 (0.14%)
420 = 1281 (0.14%)
111 = 1167 (0.13%)
008 = 1129 (0.12%)

Last 4 digits (Top 10)
1234 = 1356 (0.15%)
2008 = 813 (0.09%)
2007 = 776 (0.08%)
2006 = 755 (0.08%)
2000 = 753 (0.08%)
2009 = 685 (0.07%)
2005 = 645 (0.07%)
2004 = 539 (0.06%)
2345 = 538 (0.06%)
1984 = 498 (0.05%)

Last 5 digits (Top 10)
12345 = 462 (0.05%)
23456 = 146 (0.02%)
54321 = 77 (0.01%)
55555 = 64 (0.01%)
11111 = 58 (0.01%)
77777 = 57 (0.01%)
00000 = 48 (0.01%)
13579 = 44 (0.0%)
56789 = 42 (0.0%)
96969 = 34 (0.0%)

Character sets
upperalphanum: 535352 (58.23%)
upperalpha: 382609 (41.62%)
numeric: 1242 (0.14%)
upperalphaspecial: 68 (0.01%)
upperalphaspecialnum: 38 (0.0%)
specialnum: 3 (0.0%)

Character set ordering
stringdigit: 396200 (43.1%)
allstring: 382609 (41.62%)
digitstring: 54770 (5.96%)
stringdigitstring: 48114 (5.23%)
othermask: 25651 (2.79%)
digitstringdigit: 10661 (1.16%)
alldigit: 1242 (0.14%)
stringspecialstring: 49 (0.01%)
stringspecial: 16 (0.0%)
stringspecialdigit: 13 (0.0%)

Hashcat masks (Top 10)
?u?u?u?u?u?u?u?u: 121805 (13.25%)
?u?u?u?u?u?u: 101111 (11.0%)
?u?u?u?u?u?u?u: 88475 (9.62%)
?u?u?u?d?d?d?d: 52666 (5.73%)
?u?u?u?u?d?d: 38723 (4.21%)
?u?u?u?u?u?d?d: 32912 (3.58%)
?u?u?d?d?d?d: 30207 (3.29%)
?u?u?u?u?d?d?d?d: 28667 (3.12%)
?u?u?u?u?u?u?d?d: 27044 (2.94%)
?u?u?u?u?u?u?d: 26176 (2.85%)

About phillips321

Penetration Tester and Linux fanboy!

One Response to eHarmony GPU hash cracking and pipal analysis

  1. Anon says:

    Is that 80m wordlist available somewhere? TIA
