Information Security

Hash Collisions: World’s First Triple Hash Collision In MySQL(64)

In this article, I’ll try to explain as much as I can about hashes and collisions and my latest discovery of a triple hash collision while keeping things as simple as possible.

What Is A Hash:

It’s a cryptographic function, which takes some data as input, and generates a string, usually composed of hex characters. Now, hash differs from a checksum. Checksums are mostly made for files, to verify they’re integrity, while a hash can be both used for files and passwords(or plaintext data).

Information Security

Automated Password Cracking: Use oclHashcat To Launch A Fingerprint Attack

The below article explains how I used password fingerprinting to crack 500,000 password hashes in less than half a day completly automated. This article shows each command step by step, but only to describe the details of how password fingerprinting with oclHashcat works. The reality is that the password fingerprinting process can easily be automated by a script which is why we call it automated password cracking.

The Fingerprint Attack in my example had a success rate of about 80% in a 100% automated process after 12 hours with a single GeForce GTX 285. In order to reach the 500,000 cracked hashes I first created a list of 650,000 unique password hashes using a well known leaked password hash database. Once I had the list of 650,000 unique password hashes I started out by doing some easy attacks on the hashes such as a five character long brute force using all possible character sets which will provide an initial wordlist to start the fingerprint attack with. You really do not need to perform this step as explained further below. Once the initial brute force attack is complete the real fingerprinting starts. You will take the initial results, pipe them into the expander, and then run a combined dictionary attack against the hash list. Once we have results from the second set of attacks we use the expander again and issue another attack. You will see through the process, which is described in detail below, that results are returned at a very high rate by automated finding patterns and exploiting those patterns to return results.

Information Security

Hashcat: Use the Hashcat-gui On Windows To Brute Force MD5 Hashes

Hashcat is an excellent tool to use or security audits of passwords. I will be doing a series of articles relating to anything from simple brute forcing such as the article to more complex techniques using Hashcat, oclHashcat, and the Hashcat-gui on both Windows and Linux operating systems. The goal is to make people more aware of the technologies available to crack passwords which should allow people to audit their companies passwords for more strict enforcement. This article relates to using the Hashcat-gui on Windows 7 to crack 10 MD5 hashes and assumes that you already have successfully installed Hashcat and the Hashcat-gui.

Technology Insights

Compile John the Ripper on x86-64 Cent OS with the Jumbo Patch

I am getting ready for a password contest at Defcon that Alex and I and a few other guys from the Hashcat team are going to enter and I decided to install John the Ripper on a Cent OS box in case I needed it for anything. John is in the yum repos however the version is pretty old and it is not compiled with NTLM support so I decided to build it from source so that i could apply the Jumbo patch which adds support for a whole lot of different algorithms which are normally only available in the pro version of John the Ripper.

Below I show the steps I took to get it compiled and working on Cent OS 64 bit:

Technology Insights

Dumping NTLM Hash’s from Windows with Fgdump.

With the release of the new Question-Defense online NTLM, MD5 and MD4 cracker I decide to write a quick how to on grabbing the hash’s from a windows system. In order for this to work you need at least one username and logon of a user with admin privileges. I may in the future write a article on how to escalate your privileges from a user to a admin, but for the sake of this article will assume you know at least one admin user log on.