EvilZone
Hacking and Security => Hacking and Security => : TopSpace February 19, 2015, 05:11:55 PM
-
Anybody can give me some advice ? I'm looked out for hash algo for phpBB and it seems to me a little tangled.
-
Its been over 6 years since I wrote my last script for cracking hashes (i then got a vip account with milw0rm.com thats how long ago it was!) but I'm guessing not too much has changed, if the hashes are un-salted you can write a pretty simple dictionary based cracker in Python, you just need to iterate through a word list a line at a time, hash each word and compare the result to the hash you are trying to crack, if they are the same then you have the password. With a little more effort and using arrays mapped to different letters you can create an algorithm for performing a brute force attack.
-
Step one: download oclHashCat (or cudahashcat) or if you have a shitty gpu, just hashcat.
Step two: $ sudo ./cudaHashcat64.bin --help | grep php
400 = phpass, MD5(Wordpress), MD5(phpBB3), MD5(Joomla)
Step Three: $ sudo ./cudaHashcat64.bin -m 400 -b
cudaHashcat v1.32 starting in benchmark-mode...
Device #1: GeForce GTX 970, 4095MB, 1600Mhz, 13MCU
Device #2: GeForce GTX 970, 4095MB, 1600Mhz, 13MCU
Hashtype: phpass, MD5(Wordpress), MD5(phpBB3), MD5(Joomla)
Workload: 2048 loops, 32 accel
Speed.GPU.#1.: 3096.2 kH/s
Speed.GPU.#2.: 3002.9 kH/s
Speed.GPU.#*.: 6099.1 kH/s
Started: Sun Feb 22 17:08:11 2015
Stopped: Sun Feb 22 17:08:27 2015
Step Four: Read the manpage and play around with settings to get the maximum, if straight md5 is any indication I could push that close to 7500 kH/s with some fiddling.
Step Five: Crack those hashes and hope your computer doesnt catch fire.
Disclaimer: I has higher end PC, on a CPU based rig you'd be going a lot slower. For comparison this is my CPU doing it:
$ ./hashcat-cli64.bin -m 400 -b
Initializing hashcat v0.49 with 8 threads and 32mb segment-size...
Hash type: phpass, MD5(Wordpress), MD5(phpBB3), MD5(Joomla)
Speed/sec: 51.64k words
So if you have GPU, fucking use it.