Sign up to save your podcasts
Or
Share 7MS #478: Password Cracking in the Cloud - Part 4
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
7MS #478: Password Cracking in the Cloud - Part 4
Hey friends, today we're continuing our discussion of password cracking by sharing some methodology that has helped us get a high cred yield, and some tips on taking cracked passwords from multiple sources and Frankensteining them into a beautiful report for your customer.
For some background, when 7MS started as a biz, we used to crack passwords in Paperspace but invested in an on-prem cracking rig a few years ago. That rig has been flipping sweet, but had some heating issues which prompted me to send the system in for warranty and use an awesome cracking rig in AWS in the meantime.
Whether you're cracking locally or in the cloud, here's a quick methodology that has cracked many a hash for us:
-
Do a straight-up hashcat crack against the PwnedPasswords list (at time of this writing I don't have a good source for the cracked versions of these passwords. I used to grab them at hashes.org. Anybody got an alternative?
-
Do a straight-up hashcat crack through the RockYou2021 list
-
Run the hatecrack methodology, including the quick crack, the quick crack with rules (I'm partial to OneRuleToRuleThemAll), and brute-forcing all 1-8 character passwords
Once I'm ready to wrap up all the cracked passwords and put them in a nice shiny report for the customer, I do the following (using hashcombiner and pipal):
# Run hash_combiner on hashcat's pot file and write results to a file python /opt/hc/hash_combiner.py user_hash /opt/hashcat/hashcat.potfile > /tmp/round1.txt # Run hash_combiner on hatecrack's pot file and write results to a file python /opt/hc/hash_combiner.py user_hash /opt/hatecrack/hashcat.pot > /tmp/round2.txt # Cat the two files together into a third file cat /tmp/round1.txt /tmp/round2.txt > /tmp/round3.txt # Sort and de-dupe the third file cat /tmp/round3.txt | sort -uf > /tmp/nice-and-clean.txt # Take just the passwords out of the "nice and clean" output cut -d ':' -f 2 /tmp/nice-and-clean.txt > /tmp/pipal-temp.txt # Score the passwords using pipal /opt/pipal/pipal.rb /tmp/pipal-temp.txt > /tmp/pip-final.txtNow you've got a nice-and-clean.txt list of users and their cracked passwords, as well as the pip-final.txt with deeper analysis of cracked passwords, their commonalities, etc.
View all episodes
By Brian Johnson
4.7
6868 ratings
Hey friends, today we're continuing our discussion of password cracking by sharing some methodology that has helped us get a high cred yield, and some tips on taking cracked passwords from multiple sources and Frankensteining them into a beautiful report for your customer.
For some background, when 7MS started as a biz, we used to crack passwords in Paperspace but invested in an on-prem cracking rig a few years ago. That rig has been flipping sweet, but had some heating issues which prompted me to send the system in for warranty and use an awesome cracking rig in AWS in the meantime.
Whether you're cracking locally or in the cloud, here's a quick methodology that has cracked many a hash for us:
-
Do a straight-up hashcat crack against the PwnedPasswords list (at time of this writing I don't have a good source for the cracked versions of these passwords. I used to grab them at hashes.org. Anybody got an alternative?
-
Do a straight-up hashcat crack through the RockYou2021 list
-
Run the hatecrack methodology, including the quick crack, the quick crack with rules (I'm partial to OneRuleToRuleThemAll), and brute-forcing all 1-8 character passwords
Once I'm ready to wrap up all the cracked passwords and put them in a nice shiny report for the customer, I do the following (using hashcombiner and pipal):
# Run hash_combiner on hashcat's pot file and write results to a file python /opt/hc/hash_combiner.py user_hash /opt/hashcat/hashcat.potfile > /tmp/round1.txt # Run hash_combiner on hatecrack's pot file and write results to a file python /opt/hc/hash_combiner.py user_hash /opt/hatecrack/hashcat.pot > /tmp/round2.txt # Cat the two files together into a third file cat /tmp/round1.txt /tmp/round2.txt > /tmp/round3.txt # Sort and de-dupe the third file cat /tmp/round3.txt | sort -uf > /tmp/nice-and-clean.txt # Take just the passwords out of the "nice and clean" output cut -d ':' -f 2 /tmp/nice-and-clean.txt > /tmp/pipal-temp.txt # Score the passwords using pipal /opt/pipal/pipal.rb /tmp/pipal-temp.txt > /tmp/pip-final.txtNow you've got a nice-and-clean.txt list of users and their cracked passwords, as well as the pip-final.txt with deeper analysis of cracked passwords, their commonalities, etc.
More shows like 7 Minute Security
View all
Hacked
187 Listeners
Security Now (Audio)
2,007 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
372 Listeners
Risky Business
371 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
651 Listeners
CyberWire Daily
1,021 Listeners
Smashing Security
319 Listeners
Click Here
416 Listeners
Darknet Diaries
8,062 Listeners
Cybersecurity Today
179 Listeners
Hacking Humans
315 Listeners
CISO Series Podcast
188 Listeners
Defense in Depth
74 Listeners
Cyber Security Headlines
139 Listeners
Risky Bulletin
44 Listeners