
Cracking story: how I cracked over 122 million SHA1 and MD5 hashed passwords

2025-01-16 Update From: SLTechnology News&Howtos

Original: http://blog.thireus.com/cracking-story-how-i-cracked-over-122-million-sha1-and-md5-hashed-passwords/

This is the story of how I cracked 122 million password hashes with John the Ripper and oclHashcat-plus.

This was a few months ago, when I (https://twitter.com/m3g9tr0n) saw a torrent file (https://www.korelogic.com/InfoSecSouthwest2012_Ripe_Hashes.html) from KoreLogic containing about 146 million password hashes. This very large number of password hashes frustrated me at first because I only had a classic AMD Phenom II 4-core 3.2 MHz computer, plus an ATI/AMD 5770 graphics card. But I really wanted to give it a try, because password cracking fascinates me.

The password cracking tools I used during this long journey are John the Ripper and oclHashcat-plus. This article is about cracking the MD5 hashes provided by KoreLogic, but the same strategy applies to SHA1 hash cracking.

Update:

08/29/2012 - A new example in the John the Ripper section: "cracking double MD5 password values with the help of the dict2hash.pl script"

08/29/2012 - A new download is available: everything in one file, cleaned and sorted.

Handling the hashes:

First, the KoreLogic torrent download must be unzipped; it contains a folder named "check". Let's look at the contents of this folder.

root@m3g9tr0n:~/hashes$ ls

Longer_salts raw-md5.hashes.txt salted_with_md5 SHA1 vBulletin-v3.8.4

From now on let's focus on the raw-md5.hashes.txt file, which is 4.3 GB; the wc tool shows that it contains 139444502 lines.

root@m3g9tr0n:~/hashes$ wc -l raw-md5.hashes.txt

139444502 raw-md5.hashes.txt

As you might expect, neither John the Ripper nor oclHashcat-plus can load the file because it is too large. For this reason, we need to split the file. Under Linux, a tool called split does this very well:

root@m3g9tr0n:~$ split --help

Usage: split [OPTION]... [INPUT [PREFIX]]
Output fixed-size pieces of INPUT to PREFIXaa, PREFIXab, ...; default
size is 1000 lines, and default PREFIX is `x'.  With no INPUT, or when INPUT
is -, read standard input.

Mandatory arguments to long options are mandatory for short options too.
  -a, --suffix-length=N   use suffixes of length N (default 2)
  -b, --bytes=SIZE        put SIZE bytes per output file
  -C, --line-bytes=SIZE   put at most SIZE bytes of lines per output file
  -d, --numeric-suffixes  use numeric suffixes instead of alphabetic
  -l, --lines=NUMBER      put NUMBER lines per output file
      --verbose           print a diagnostic just before each
                            output file is opened
      --help     display this help and exit
      --version  output version information and exit

SIZE may be (or may be an integer optionally followed by) one of following:
KB 1000, K 1024, MB 1000*1000, M 1024*1024, and so on for G, T, P, E, Z, Y.

We can use the --lines=NUMBER parameter to split our raw-md5.hashes.txt file.

root@m3g9tr0n:~/hashes$ split -l 3000000 raw-md5.hashes.txt part

Note that considering that each MD5 hash is 32 bytes long, we can also split the file by size in MB.

Cracking passwords with oclHashcat-plus

I started with oclHashcat-plus because it has the --remove option, which is really convenient: once a hash is cracked, it is removed from the hash file. The only limitation of oclHashcat-plus is its limit on password length. In other words, it can only crack passwords up to 15 characters. The oclHashcat-plus rules I used are best64.rule, passwordspro.rule, T0XlC.rule and, in some cases, d3ad0ne.rule. These rules ship with oclHashcat-plus.

Brute force is not my first choice. The dictionaries I used were downloaded from g0tmi1k's blog (http://blog.g0tmi1k.com/2011/06/dictionaries-wordlists/?redirect). You will find more dictionaries in the external links in g0tmi1k's article. Most of the cracking was done with these dictionaries and the rules above. Let's look at some examples.

Using a single rule:

./oclHashcat-plus64.bin -m 0 ~/hashes/md5_1 ~/Wordlists/d3ad0ne.dic -r rules/best64.rule -o Ultimate_Crack/eNtr0pY_1 --remove

Using combined rules:

./oclHashcat-plus64.bin -m 0 ~/hashes/md5_1 ~/Wordlists/d3ad0ne.dic -r rules/best64.rule -r rules/passwordspro.rule -o Ultimate_Crack/eNtr0pY_1 --remove

Brute-force attack with a mask (you can specify whichever charset you want):

./oclHashcat-plus64.bin -a 3 -1 ?l?d?u?s -m 0 ~/hashes/md5_1 ?1?1?1 -o Ultimate_Crack/eNtr0pY_1 --remove

Combinator attack:

./oclHashcat-plus64.bin -a 1 -m 0 ~/hashes/md5_1 ~/Wordlists/d3ad0ne.dic ~/Wordlists/list -o Ultimate_Crack/eNtr0pY_1 --remove

Combinator attack with rules:

./oclHashcat-plus64.bin -a 1 -m 0 ~/hashes/md5_1 ~/Wordlists/d3ad0ne.dic ~/Wordlists/list -r rules/passwordspro.rule -o Ultimate_Crack/eNtr0pY_1 --remove

Permutation attack:

./oclHashcat-plus64.bin -a 4 -m 0 ~/hashes/md5_1 ~/Wordlists/d3ad0ne.dic -o Ultimate_Crack/eNtr0pY_1 --remove

Permutation attack with rules:

./oclHashcat-plus64.bin -a 4 -m 0 ~/hashes/md5_1 ~/Wordlists/d3ad0ne.dic -r rules/best64.rule -o Ultimate_Crack/eNtr0pY_1 --remove

In some cases, I used the hybrid + mask attack technique:

./oclHashcat-plus64.bin -a 6 -1 ?l?u?d -m 0 ~/hashes/md5_1 ~/Wordlists/d3ad0ne.dic ?1 -o Ultimate_Crack/eNtr0pY_1 --remove

Hybrid + mask attack with rules:

./oclHashcat-plus64.bin -a 6 -1 ?l?u?d -m 0 ~/hashes/md5_1 ~/Wordlists/d3ad0ne.dic ?1 -r rules/best64.rule -o Ultimate_Crack/eNtr0pY_1 --remove

At this point, I did not use the last two methods, because they are very time-consuming. I preferred to use the KoreLogic rules for John the Ripper and pipe the output of John the Ripper to oclHashcat-plus. As I said, oclHashcat-plus can crack passwords up to 15 characters. For this reason, I have to use the "--stdout" option to limit the length of the words produced. If you have a very fast GPU, you can skip the following example.

./john --wordlist=~/Wordlists/all.lst --rules:KoreLogicRulesPrependYears --stdout=10 | ./oclHashcat-plus64.bin -m 0 ~/hashes/md5_1 -o Ultimate_Crack/eNtr0pY_1 --remove

Of course, you can also use other prepend rules created by KoreLogic, such as KoreLogicRulesPrependNumNum, or even better, create your own rules! Next, it is time to build a dictionary from the passwords already cracked, in order to crack the remaining hashes. I stripped the MD5 hashes from eNtr0pY_1 using the following command.

cut -b34- eNtr0pY_1 > eNtr0pY_1.dic

Using the dictionary made above, a large number of MD5 hashes were cracked with this fingerprint technique. You can read more about it from Martin Bos (@purehate), and I assure you, this technique is very successful!

Of course, you can also use the binaries in hashcat-utils and pipe the output of each to oclHashcat-plus.

root@m3g9tr0n:~/oclHashcat-plus-0.08/hashcat-utils$ ls

combinator.bin expander.bin gate.bin len.bin mp32.bin permute.bin prepare.bin req.bin splitlen.bin

Cracking passwords with John the Ripper

After testing all the dictionaries I had collected, a few days later it was time to move to John the Ripper to crack the rest of the password hashes.

I used the Magnum-ripper build compiled with OpenCL support for ATI/AMD graphics cards, because I wanted to use the "--format=raw-md5-opencl" parameter. It uses both your CPU and GPU, which is faster than "--format=raw-md5".

The rules used in john the Ripper are:

Wordlist

Single

NT

Extra

KoreLogicRulesAppendNumbersandSpecials_Simple

KoreLogicRulesAppend6Num

KoreLogicRulesPrependAndAppendSpecial

KoreLogicRulesAppendNumNum_AddSpecialEverywhere

KoreLogicRulesAppendNumNumNum_AddSpecialEverywhere

KoreLogicRulesL33t.

You can download these rules and add them to your john.conf file:

http://paste2.org/p/2048517

http://paste2.org/p/2048512

Now, let's look at some examples with John the Ripper.

Using --rules=Single:

./john --format=raw-md5-opencl --wordlist=../../Wordlists/all.lst --rules:Single ~/hashes/md5_1

The cracked hashes are stored in the default file john.pot. You can check its contents using cat, more, head and tail.

root@m3g9tr0n:~/Tools/Password_Cracking/magnum-jumbo-OpenCL/run$ tail -n 9 john.pot

$MD5$0fad81e7a61b47d387dde893fcf8e88a:anacarolinagu
$MD5$0f82fc9a81f5db07eb9289767390fd2b:fabulousfoodsu
$MD5$0e22933267b2e7df062703c4e5842029:fabuloustravelu
$MD5$0d40086a54fefe993c9816d1441672ac:modularhomeu
$MD5$0ed8181fc4d18e260dd8e36633124bfd:greenshoppingu
$MD5$0d6e8da4017ec5c384ac5536087da44d:lawofattractionu
$MD5$0eb916d3c6a66a32cedd4acc6edb1dbb:hotreportu
$MD5$0e241f99b5c13d56686ec618ab54d5fa:flightsandholidaysu
$MD5$0f3c99478362aae389d2cbf716394269:stthomasmoresu

To generate a wordlist from the john.pot file, you can use the following command.

cut -d: -f 2- john.pot | sort -u > cracked.dic

The generated dictionary can be combined with the above rules to crack the hashes.

When I used oclHashcat-plus to crack the MD5 hashes, I observed that some of the generated passwords were rejected. This is because oclHashcat-plus has a limit on the length of strings. For this reason, I piped the output of hashcat to John the Ripper, which makes better use of the hashcat rules.

./hashcat-cli64.bin --stdout ~/Wordlists/d3ad0ne.dic -r rules/best64.rule | ./john --format=raw-md5-opencl --stdin ~/hashes/md5_1

After trying all dictionaries combined with the above rules, it is time to use John the Ripper for brute-force cracking. Unfortunately, John the Ripper's brute force does not use a mask to generate passwords. We have to create our own character set based on the cracked passwords contained in john.pot.

./john --make-charset=eNtr0pY.chr

Loaded 7948325 plaintexts

Generating charsets... 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 DONE

Generating cracking order... DONE

Successfully written charset file: eNtr0pY.chr (95 characters)

Many of you will wonder about the "31 DONE". This is simply because I compiled John the Ripper with a length of 31 characters. By default, John the Ripper is compiled to support 8 characters, so it's best to change it by modifying the following lines in the header file params.h, which is located in the src folder of John the Ripper.

#define CHARSET_MIN ' '

#define CHARSET_MAX 0x7E

#define CHARSET_SIZE (CHARSET_MAX - CHARSET_MIN + 1)

#define CHARSET_LENGTH 8 /* change to 31 or the value you expect */

Finally, you must include the character set you created in john.conf, as specified in this example:

# Incremental modes

[Incremental:eNtr0pY]

File = $JOHN/eNtr0pY.chr

MinLen = 0

MaxLen = 31

CharCount = 95

Now it is time to use brute-force attacks with our own charset!

./john --format=raw-md5-opencl --incremental=eNtr0pY ~/hashes/md5_1

If you look at john.conf, you will see some brute-force cracking modes defined as external modes. These are Double, Keyboard (using adjacent combinations generated from keyboard characters), KnownForce, DateTime, Repeats, Sequence, Subsets and DumbForce for crazy password formats.

./john --format=raw-md5-opencl --external=DumbForce ~/hashes/md5_1

With the help of the dict2hash.pl script provided here, we can also crack double MD5 hashes.

perl dict2hash.pl < rockyou.txt | ./john --format=raw-md5-opencl --stdin ~/md5_1

Here you can see some examples of MD5 hashes cracked with John the Ripper:

http://pastebin.com/uaGFXkBA

http://pastebin.com/LT5Gda9L

Personally, I believe a password like "$MD5$0b26a0faf1344d6e772bf55628e10e29:n34=mn { .clipboard $me }" is impossible to crack with brute-force attacks.

Note: All the above-mentioned techniques can be used with oclHashcat-plus by defining -m 100 and with John the Ripper by defining --format=raw-sha1-opencl for SHA1 cracking with OpenCL!

Password analysis

Finally, it is worth looking at an analysis, made with pipal (Password Analyser), of a sample collected from the cracking results.

root@m3g9tr0n:~/pipal$ ruby1.9.1 pipal.rb -o eNtr0pY_1 ~/Wordlists/Ultimate/Part1/eNtr0pY_5.dic

Total entries = 759103
Total unique entries = 758299

Top 10 passwords
niezgadniesz123 = 3 (0.0%)
ubqu = 3 (0.0%)
amonys = 3 (0.0%)
centralitie = 3 (0.0%)
bobydu = 3 (0.0%)
hanghuynh = 3 (0.0%)
hmadyousi = 3 (0.0%)
matthewperman = 3 (0.0%)
shadowninja2 = 3 (0.0%)
lhz4 = 3 (0.0%)

Top 10 base words
august = 219 (0.03%)
july = 205 (0.03%)
april = 199 (0.03%)
june = 195 (0.03%)
march = 165 (0.02%)
alex = 161 (0.02%)
love = 132 (0.02%)
chris = 130 (0.02%)
daniel = 128 (0.02%)
dragon = 122 (0.02%)

Password length (length ordered)
1 = 13 (0.0%)
2 = 103 (0.01%)
3 = 1332 (0.18%)
4 = 16781 (2.21%)
5 = 19831 (2.61%)
6 = 95800 (12.62%)
7 = 202414 (26.66%)
8 = 158562 (20.89%)
9 = 103855 (13.68%)
10 = 75652 (9.97%)
11 = 46023 (6.06%)
12 = 24997 (3.29%)
13 = 8423 (1.11%)
14 = 3772 (0.5%)
15 = 1560 (0.21%)

Password length (count ordered)
7 = 202414 (26.66%)
8 = 158562 (20.89%)
9 = 103855 (13.68%)
6 = 95800 (12.62%)
10 = 75652 (9.97%)
11 = 46023 (6.06%)
12 = 24997 (3.29%)
5 = 19831 (2.61%)
4 = 16781 (2.21%)
13 = 8423 (1.11%)
14 = 3772 (0.5%)
15 = 1560 (0.21%)
3 = 1332 (0.18%)
2 = 103 (0.01%)
1 = 13 (0.0%)

[bar chart of password lengths, axis 0 to 16]

One to six characters = 133854 (17.63%)
One to eight characters = 494828 (65.19%)
More than eight characters = 264275 (34.81%)

Only lowercase alpha = 154996 (20.42%)
Only uppercase alpha = 14072 (1.85%)
Only alpha = 169068 (22.27%)
Only numeric = 119581 (15.75%)

First capital last symbol = 6088 (0.8%)
First capital last number = 73611 (9.7%)

Months
january = 109 (0.01%)
february = 45 (0.01%)
march = 247 (0.03%)
april = 251 (0.03%)
may = 850 (0.11%)
june = 246 (0.03%)
july = 223 (0.03%)
august = 300 (0.04%)
september = 80 (0.01%)
october = 134 (0.02%)
november = 113 (0.01%)
december = 115 (0.02%)

Days
monday = 59 (0.01%)
tuesday = 20 (0.0%)
wednesday = 7 (0.0%)
thursday = 38 (0.01%)
friday = 46 (0.01%)
saturday = 7 (0.0%)
sunday = 70 (0.01%)

Months (Abreviated)
jan = 1482 (0.2%)
feb = 249 (0.03%)
mar = 8397 (1.11%)
apr = 692 (0.09%)
may = 850 (0.11%)
jun = 889 (0.12%)
jul = 1051 (0.14%)
aug = 785 (0.1%)
sept = 215 (0.03%)
oct = 512 (0.07%)
nov = 821 (0.11%)
dec = 874 (0.12%)

Days (Abreviated)
mon = 4319 (0.57%)
tues = 28 (0.0%)
wed = 217 (0.03%)
thurs = 44 (0.01%)
fri = 758 (0.1%)
sat = 769 (0.1%)
sun = 1018 (0.13%)

Includes years
1975 = 411 (0.05%)
1976 = 388 (0.05%)
1977 = 446 (0.06%)
1978 = 432 (0.06%)
1979 = 441 (0.06%)
1980 = 541 (0.07%)
1981 = 453 (0.06%)
1982 = 519 (0.07%)
1983 = 533 (0.07%)
1984 = 603 (0.08%)
1985 = 585 (0.08%)
1986 = 616 (0.08%)
1987 = 710 (0.09%)
1988 = 641 (0.08%)
1989 = 941 (0.12%)
1990 = 931 (0.12%)
1991 = 995 (0.13%)
1992 = 935 (0.12%)
1993 = 905 (0.12%)
1994 = 907 (0.12%)
1995 = 4021 (0.53%)
1996 = 858 (0.11%)
1997 = 486 (0.06%)
1998 = 443 (0.06%)
1999 = 416 (0.05%)
2000 = 1024 (0.13%)
2001 = 643 (0.08%)
2002 = 586 (0.08%)
2003 = 1132 (0.15%)
2004 = 1254 (0.17%)
2005 = 796 (0.1%)
2006 = 818 (0.11%)
2007 = 1442 (0.19%)
2008 = 1019 (0.13%)
2009 = 742 (0.1%)
2010 = 767 (0.1%)
2011 = 516 (0.07%)
2012 = 925 (0.12%)
2013 = 165 (0.02%)
2014 = 142 (0.02%)
2015 = 146 (0.02%)
2016 = 118 (0.02%)
2017 = 139 (0.02%)
2018 = 131 (0.02%)
2019 = 172 (0.02%)
2020 = 179 (0.02%)

Years (Top 10)
1995 = 4021 (0.53%)
2007 = 1442 (0.19%)
2004 = 1254 (0.17%)
2003 = 1132 (0.15%)
2000 = 1024 (0.13%)
2008 = 1019 (0.13%)
1991 = 995 (0.13%)
1989 = 941 (0.12%)
1992 = 935 (0.12%)
1990 = 931 (0.12%)

Colours
black = 485 (0.06%)
blue = 549 (0.07%)
brown = 184 (0.02%)
gray = 89 (0.01%)
green = 348 (0.05%)
orange = 125 (0.02%)
pink = 262 (0.03%)
purple = 73 (0.01%)
red = 2974 (0.39%)
white = 179 (0.02%)
yellow = 85 (0.01%)
violet = 63 (0.01%)
indigo = 22 (0.0%)

Single digit on the end = 92080 (12.13%)
Two digits on the end = 87587 (11.54%)
Three digits on the end = 103715 (13.66%)

Last number
0 = 45407 (5.98%)
1 = 64764 (8.53%)
2 = 52570 (6.93%)
3 = 52890 (6.97%)
4 = 43719 (5.76%)
5 = 55185 (7.27%)
6 = 42826 (5.64%)
7 = 46169 (6.08%)
8 = 42475 (5.6%)
9 = 44930 (5.92%)

[bar chart of last number, axis 0 to 9]

Last digit
1 = 64764 (8.53%)
5 = 55185 (7.27%)
3 = 52890 (6.97%)
2 = 52570 (6.93%)
7 = 46169 (6.08%)
0 = 45407 (5.98%)
9 = 44930 (5.92%)
4 = 43719 (5.76%)
6 = 42826 (5.64%)
8 = 42475 (5.6%)

Last 2 digits (Top 10)
95 = 14675 (1.93%)
23 = 12192 (1.61%)
12 = 9230 (1.22%)
11 = 8214 (1.08%)
01 = 7606 (1.0%)
00 = 7131 (0.94%)
07 = 6295 (0.83%)
10 = 6182 (0.81%)
21 = 5881 (0.77%)
99 = 5868 (0.77%)

Last 3 digits (Top 10)
123 = 6857 (0.9%)
995 = 4122 (0.54%)
971 = 2916 (0.38%)
972 = 2850 (0.38%)
007 = 2514 (0.33%)
000 = 1868 (0.25%)
234 = 1725 (0.23%)
666 = 1465 (0.19%)
777 = 1389 (0.18%)
004 = 1347 (0.18%)

Last 4 digits (Top 10)
1995 = 3886 (0.51%)
1234 = 1379 (0.18%)
2007 = 1325 (0.17%)
2004 = 1121 (0.15%)
2003 = 1016 (0.13%)
2008 = 869 (0.11%)
2000 = 846 (0.11%)
1991 = 819 (0.11%)
2012 = 809 (0.11%)
1990 = 789 (0.1%)

Last 5 digits (Top 10)
12345 = 743 (0.1%)
23456 = 652 (0.09%)
54321 = 189 (0.02%)
23123 = 140 (0.02%)
56789 = 127 (0.02%)
34567 = 102 (0.01%)
11111 = 99 (0.01%)
45678 = 75 (0.01%)
00000 = 73 (0.01%)
88888 = 68 (0.01%)

US Area Codes
971 = Oregon: Metropolitan Portland, Salem/Keizer area, incl Cricket Wireless (OR)
972 = Texas: Dallas Metro (TX)
234 = NE Ohio: Canton, Akron (OH)

Character sets
loweralphanum: 330937 (43.6%)
loweralpha: 154996 (20.42%)
numeric: 119581 (15.75%)
mixedalphanum: 41121 (5.42%)
upperalphanum: 41078 (5.41%)
mixedalpha: 28464 (3.75%)
upperalpha: 14072 (1.85%)
loweralphaspecial: 10222 (1.35%)
loweralphaspecialnum: 5735 (0.76%)
mixedalphaspecial: 4724 (0.62%)
upperalphaspecial: 2939 (0.39%)
mixedalphaspecialnum: 2247 (0.3%)
specialnum: 648 (0.09%)
upperalphaspecialnum: 374 (0.05%)
special: 47 (0.01%)

Character set ordering
stringdigit: 349534 (46.05%)
allstring: 197532 (26.02%)
alldigit: 119581 (15.75%)
digitstring: 28873 (3.8%)
othermask: 18649 (2.46%)
stringdigitstring: 14577 (1.92%)
stringspecial: 10441 (1.38%)
digitstringdigit: 9981 (1.31%)
stringspecialstring: 5469 (0.72%)
stringspecialdigit: 3075 (0.41%)
specialstring: 834 (0.11%)
specialstringspecial: 510 (0.07%)
allspecial: 47 (0.01%)

Hashcat masks (Top 10)
?d?d?d?d?d?d?d: 85053 (11.2%)
?l?l?l?l?l?l: 38400 (5.06%)
?l?l?l?l?l?l?l?l: 36217 (4.77%)
?l?l?l?l?l?l?l: 35468 (4.67%)
?l?l?l?l?l?l?d?d?d: 24051 (3.17%)
?l?l?l?l?l?l?d?d: 18591 (2.45%)
?l?l?l?l?l?d?d?d: 18047 (2.38%)
?d?d?d?d?d?d: 16048 (2.11%)
?l?l?l?l?l?l?l?l?l: 14236 (1.88%)
?l?l?l?l?d?d?d: 13802 (1.82%)

Conclusion

This was a very time-consuming and laborious job, because I do not own the fastest graphics card. The whole cracking process took about 5 months to complete, because I had to finish my CCNP certification studies.

The lesson learned is that a good, smart dictionary combined with handy rules can crack even strong passwords with Hashcat or John the Ripper. Given the above, administrators should use stronger hashing algorithms (with salt) to store your passwords, and change their own passwords on a regular basis.

Thanks for reading

You can find me on Twitter, @m3g9tr0n.

Download

You can download the cracked hash results:

721.9 MB - m3g9tr0n_122Million_Passwords_WordLists.zip

The torrent file provided by KoreLogic contains unique password hashes of various kinds. For this reason, you may find duplicate passwords in these dictionaries, since a single password can be hashed with various algorithms! This means that 122 million unique hashes (MD5, SHA1, double MD5, etc.) were cracked, with 836 million unique passwords in the results.

You can also download the "all in one" version, cleaned and sorted:

270.2 MB - m3g9tr0n_Passwords_WordList_CLEANED.zip

export LC_ALL='C' && cat * | sort | uniq > eNtr0pY_ALL_sort_uniq.dic
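The conclusion's advice to store passwords with a stronger, salted algorithm, shown as an added example that is not part of the original post: the same password stored as raw MD5 gives identical hashes for every account, while a per-password salt with scrypt gives unrelated records. The work factors, the `scrypt$N$r$p$salt$key` record layout and the sample accounts are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Work factors are assumptions for this example; tune them to your hardware.
SCRYPT_N, SCRYPT_R, SCRYPT_P, KEY_LEN = 2**14, 8, 1, 32


def raw_md5(password: str) -> str:
    """Unsalted fast hash, the storage format cracked in the article."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: scrypt$N$r$p$salt$key."""
    salt = os.urandom(16) if salt is None else salt  # fresh salt per password
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${_b64(salt)}${_b64(key)}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and parameters; constant-time compare."""
    try:
        scheme, n, r, p, salt_b64, key_b64 = record.split("$")
        n, r, p = int(n), int(r), int(p)
        # Refuse foreign schemes and parameters above our own, so a tampered
        # record cannot force an arbitrarily expensive computation.
        if scheme != "scrypt" or n > SCRYPT_N or r > SCRYPT_R or p > SCRYPT_P:
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(key_b64, validate=True)
        key = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                             n=n, r=r, p=p, dklen=len(expected))
    except ValueError:
        return False  # malformed record
    return hmac.compare_digest(key, expected)


def demo() -> dict:
    # Constructed sample: two accounts that chose the same password.
    users = {"alice": "summer1995", "bob": "summer1995"}
    md5_db = {u: raw_md5(p) for u, p in users.items()}
    kdf_db = {u: hash_password(p) for u, p in users.items()}
    return {
        "md5_identical": md5_db["alice"] == md5_db["bob"],   # one crack, all users
        "kdf_identical": kdf_db["alice"] == kdf_db["bob"],   # salts differ
        "login_ok": verify_password("summer1995", kdf_db["alice"]),
        "wrong_rejected": not verify_password("summer1996", kdf_db["alice"]),
    }


if __name__ == "__main__":
    print(demo())
```

Because each record carries its own salt and cost parameters, a dictionary-plus-rules run has to be repeated per account at the KDF's cost instead of once against the whole hash file.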

Reference:

Hashcat Wiki [http://hashcat.net/wiki/]

John the Ripper Wiki [http://openwall.info/wiki/john]
