EvilZone

Hacking and Security => Hacking and Security => : DeXtreme May 07, 2013, 03:11:35 PM

: John taking forever
: DeXtreme May 07, 2013, 03:11:35 PM: So today i tried ssh'ing into a server but they had changed their password.Luckily my backdoor still worked so i manged to get the new password hash ;D ..However,cracking it is taking forever.I'm currently using John the Ripper but i was wondering if there are any other faster alternatives?
: Re: John taking forever
: proxx May 07, 2013, 03:38:16 PM: Iirc you could use hashcat to do this.
This is the GPU cracking era :) wake up.
: Re: John taking forever
: Nexus May 07, 2013, 03:50:46 PM: Post deleted, misunderstood the question, apologies.
: Re: John taking forever
: proxx May 07, 2013, 04:00:50 PM: : Nexus May 07, 2013, 03:50:46 PM
I don't think Hashcat supports the SSH key format. Another option is http://leidecker.info/projects/phrasendrescher.shtml (http://leidecker.info/projects/phrasendrescher.shtml) although I don't know how its speed compares to JtR.

I think you misunderstood.
He obtained the hash from the shadow file which has nothing to do with SSH in this scenario.
If no keys such as rsa are used the login is done with the users account.
: Re: John taking forever
: DeXtreme May 07, 2013, 05:18:57 PM: : proxx May 07, 2013, 03:38:16 PM
Iirc you could use hashcat to do this.
This is the GPU cracking era :) wake up.

GPU cracking?.Thats new to me.Gonna go research. ;D Thanks a lot..Do you suggest any particular articles?

Okay i found this website that kinda explains GPU cracking and it's amazing speed.
http://mytechencounters.wordpress.com/2011/04/03/gpu-password-cracking-crack-a-windows-password-using-a-graphic-card/ (http://mytechencounters.wordpress.com/2011/04/03/gpu-password-cracking-crack-a-windows-password-using-a-graphic-card/)
This Ivan Golubev is awesome ;D ;D Thanks again proxx..

Does it work for linux passwords too?
: Re: John taking forever
: techb May 07, 2013, 06:23:11 PM: Sorry for it being vimeo, but this was at a con we have in town.

Link. (http://vimeo.com/16204254)
: Re: John taking forever
: vezzy May 07, 2013, 09:33:23 PM: : DeXtreme May 07, 2013, 05:18:57 PM
Does it work for linux passwords too?

Of course it does. Basic hardware is OS-agnostic.

The gist of this is that a GPU on average is able to execute a much larger amount of 32-bit instructions per clock (frequency rate in Hz), up to 800 times or more.
: Re: John taking forever
: DeXtreme May 08, 2013, 02:58:03 AM: GPU cracking looks very efficient.However,my gpu is a low class intel so i guess that's out for now.But i'd like to try it out soon though
: Re: John taking forever
: Ragehottie May 08, 2013, 03:06:52 AM: Woa. My dealer's name is John. And he always takes forever to text me back. And I was just texting him. And this is what I as thinking. Woah. Creepy.
: Re: John taking forever
: proxx May 08, 2013, 10:15:08 AM: I could say alot but wikipedia always outsmarts me :(
$id$salt$hashed", where "$id" is the algorithm used (On GNU/Linux, "$1$" stands for MD5 (http://en.wikipedia.org/wiki/MD5), "$2a$" is Blowfish (http://en.wikipedia.org/wiki/Blowfish_%28cipher%29), "$5$" is SHA-256 (http://en.wikipedia.org/wiki/SHA-256) and "$6$" is SHA-512 (http://en.wikipedia.org/wiki/SHA-512), crypt(3) manpage (http://www.kernel.org/doc/man-pages/online/pages/man3/crypt.3.html), other Unix may have different

DO I need to say more ?
hashcat is your girl.
: Re: John taking forever
: DeXtreme May 09, 2013, 01:33:14 PM: proxx +1 ;D
: Re: John taking forever
: Evilone May 09, 2013, 07:24:45 PM: JtR also supports GPU cracking. If you share the hash with me I can try to crack it on my rig.
: Re: John taking forever
: DeXtreme May 10, 2013, 03:41:48 AM: okay..i'll inbox it to you.