As you know, we think that oclHashcat is one of the best password crackers available, and that it, Hashcat, and John the Ripper are pretty much the only password crackers we use at this point. Earlier someone asked me to crack some OpenLDAP hashes, which come in SHA and SSHA format; the example below includes only the OpenLDAP SHA format hashes.
Today I was having a discussion regarding wordlist size, the calculation used to come up with the size a wordlist will be once generated, and various other items revolving around password cracking. Somehow the application crunch came up, which in the past has been used to generate wordlists; however, it's fairly slow compared to other technologies out there, specifically Hashcat/oclHashcat’s. Anyhow, during the discussion I was doing some searching. I had not used crunch in quite a long time but was pleasantly surprised by one of its features, which generates quick, accurate, and useful output regarding the number of combinations that will be generated from the combination length plus the character set/wordlist input, and how much disk space the list will take up on the hard drive. Anyhow, there are a couple of interesting things I realized tonight using crunch that I wanted to share.
Cisco devices running Cisco IOS have three ways of displaying passwords in the device configuration: Type 0, Type 5, and Type 7. Below we describe all three methods of storing passwords in the Cisco IOS device configuration and how to obtain the password from each method, either by simply reading the password, by quickly converting the password from the Cisco-defined encryption algorithm, or by cracking MD5 UNIX password hashes.
The article below explains how I used password fingerprinting to crack 500,000 password hashes in less than half a day, completely automated. This article shows each command step by step, but only to describe the details of how password fingerprinting with oclHashcat works. The reality is that the password fingerprinting process can easily be automated by a script, which is why we call it automated password cracking.
The Fingerprint Attack in my example had a success rate of about 80% in a 100% automated process after 12 hours with a single GeForce GTX 285. In order to reach the 500,000 cracked hashes, I first created a list of 650,000 unique password hashes using a well-known leaked password hash database. Once I had the list of 650,000 unique password hashes, I started out by doing some easy attacks on the hashes, such as a five-character-long brute force using all possible character sets, which provides an initial wordlist to start the fingerprint attack with. You really do not need to perform this step, as explained further below. Once the initial brute force attack is complete, the real fingerprinting starts. You will take the initial results, pipe them into the expander, and then run a combined dictionary attack against the hash list. Once we have results from the second set of attacks, we use the expander again and issue another attack. You will see through the process, which is described in detail below, that results are returned at a very high rate by automatically finding patterns and exploiting those patterns to return results.
I wasn’t sure if Notepad++ was going to install properly on my new laptop running Windows 7 64-Bit. After the initial installation of Notepad++ I was receiving an error that I assumed must be related to the fact that this was a 64-Bit OS and not a 32-Bit OS. The issue ended up being a silly mistake on my end and was very easy to resolve. Below I explain the error along with how to resolve it. This should resolve the problem on any version of Windows, regardless of whether the OS is 64-Bit or 32-Bit.