破解故事——我是如何破解1億2200萬SHA1和Md5哈希密碼
原文:http://blog.thireus.com/cracking-story-how-i-cracked-over-122-million-sha1-and-md5-hashed-passwords/
這是關於我如何破解密碼的哈希值1億2200萬* John the Ripper和oclHashcat-plus故事。
這是幾個月前,當我看到一條推特(https://twitter.com/m3g9tr0n)從korelogic約含共1億4600萬個密碼的密碼哈希表的torrent文件(https://www.korelogic.com/InfoSecSouthwest2012_Ripe_Hashes.html)。這個非常大的數量的密碼哈希起初讓我很沮喪,因爲我自己只有一臺經典配置的AMD Phenom II 4核3.2 MHz的電腦,外加一個ATI/AMD 5770顯卡。但我真的很想給嘗試一下,因爲該領域的密碼破解讓我着迷。
在這漫長的旅程中我用的密碼破解工具是John the Ripper和oclHashcat-puls。這篇文章是關於破解korelogic提供的MD5哈希值,但同樣的策略也適用於SHA1哈希破解。
更新:
08/29/2012 –新的例子在John the Ripper部分: "在dict2hash.pl腳本的幫助下破解雙MD5密碼值"
08/29/2012 – 所有的都進行過排序和整理新的版本下載。
處理哈希值:
首先,所有的korelogic torrent文件必須被解壓縮,它包含一個命名爲“校驗”文件夾。讓我們檢查這個文件夾的內容…
root@m3g9tr0n:~/hashes$ ls
longer_salts raw-md5.hashes.txt salted_with_md5 SHA1 vBulletin-v3.8.4
從現在起我們集中在raw-md5.hashes.txt文件列表,這個文件是4.3GB,通過wc工具可以看出它包括139444502行。
root@m3g9tr0n:~/hashes$ wc -lraw-md5.hashes.txt
139444502 raw-md5.hashes.txt
正如你可以假設,無論是John the Ripper和oclHashcat-plus都無法加載該文件,因爲它太大了。出於這個原因,我們需要分割該文件。在Linux下,我們有一個很好的工具稱爲split 做這件工作得很好:
root@m3g9tr0n:~$ split --help
Usage: split [OPTION]... [INPUT[PREFIX]]
Output fixed-size pieces of INPUT toPREFIXaa, PREFIXab, ...; default
size is 1000 lines, and default PREFIXis `x'. With no INPUT, or when INPUT
is -, read standard input.
Mandatory arguments to long options aremandatory for short options too.
-a, --suffix-length=N usesuffixes of length N (default 2)
-b, --bytes=SIZE put SIZEbytes per output file
-C, --line-bytes=SIZE put atmost SIZE bytes of lines per output file
-d, --numeric-suffixes usenumeric suffixes instead of alphabetic
-l, --lines=NUMBER put NUMBERlines per output file
--verbose print adiagnostic just before each
output file isopened
--help display this help andexit
--version output versioninformation and exit
SIZE may be (or may be an integeroptionally followed by) one of following:
KB 1000, K 1024, MB 1000*1000, M1024*1024, and so on for G, T, P, E, Z, Y.
We can use the --lines=NUMBER parameter tosplit our raw-md5.hashes.txt file.
我們可以使用“--lines=NUMBER”參數來分割我們的原始md5.hashes.txt文件。
root@m3g9tr0n:~/hashes$ split -l 3000000raw-md5.hashes.txt part
請注意,考慮到每個MD5哈希是32字節長,我們還可以基於MB來進行文件分割。
使用oclHashcat-plus來破解密碼
我開始玩oclHashcat-plus,因爲它包含了-remove選項,一旦被破解它從hashfile刪除破解成功的哈希值,這是真的很方便。oclHashcat-plus唯一的限制,是它對密碼長度的限制。換句話說,它僅能夠破解密碼最多15個字符。我使用oclHashcat-plus規則是base64.rule,passwordspro.rule,T0XlC.rule在某些情況下d3ad0ne.rule。這些規則可以直接從oclHashcat-plus中找到。
暴力破解技術是不是我的第一選擇。我用的字典是從g0tm1lk的BlogSpot下載的(http://blog.g0tmi1k.com/2011/06/dictionaries-wordlists/?redirect)。在g0tmi1k的文章其他外部鏈接中你會發現更多的字典。破解過程中最大的一部分是通過使用這些字典與上述規則進行。讓我們來看看一些例子
使用單一規則:
./oclHashcat-plus64.bin -m 0 ~/hashes/md5_1~/Wordlists/d3ad0ne.dic -r rules/best64.rule -o Ultimate_Crack/eNtr0pY_1--remove
使用組合規則:
./oclHashcat-plus64.bin -m 0 ~/hashes/md5_1~/Wordlists/d3ad0ne.dic -r rules/best64.rule r rules/passwordspro.rule -oUltimate_Crack/eNtr0pY_1 --remove
Bruteforce attack with mask (you canspecify whichever charset you want):
使用掩碼進行暴力破解***(可以指定任何你想要的字符集):
./oclHashcat-plus64.bin -a 3 -1 ?l?d?u?s -m0 ~/hashes/md5_1 ?1?1?1?1?1?1?1?1 -o Ultimate_Crack/eNtr0pY_1 --remove
組合破解:
./oclHashcat-plus64.bin -a 1 -m 0~/hashes/md5_1 ~/Wordlists/d3ad0ne.dic ~/Wordlists/list -oUltimate_Crack/eNtr0pY_1 --remove
使用規則進行組合破解:
./oclHashcat-plus64.bin -a 1 -m 0~/hashes/md5_1 ~/Wordlists/d3ad0ne.dic ~/Wordlists/list -r rules/passwordspro.rule-o Ultimate_Crack/eNtr0pY_1 --remove
排列組合破解:
./oclHashcat-plus64.bin -a 4 -m 0~/hashes/md5_1 ~/Wordlists/d3ad0ne.dic -o Ultimate_Crack/eNtr0pY_1 --remove
排列組合規則破解:
./oclHashcat-plus64.bin -a 4 -m 0~/hashes/md5_1 ~/Wordlists/d3ad0ne.dic -r rules/best64.rule -oUltimate_Crack/eNtr0pY_1 --remove
In some cases, I used the hybrid + maskattack technique:
在某些情況下,我使用了混合 + 掩碼***技術:
./oclHashcat-plus64.bin -a 6 -1 ?l?d -m 0 ~/hashes/md5_1~/Wordlists/d3ad0ne.dic ?1?1 -o Ultimate_Crack/eNtr0pY_1 --remove
混合掩碼規則破解:
./oclHashcat-plus64.bin -a 6 -1 ?l?d -m 0~/hashes/md5_1 ~/Wordlists/d3ad0ne.dic ?1?1 -r rules/best64.rule -oUltimate_Crack/eNtr0pY_1 --remove
在這一點上,我沒有用最後兩個方法,因爲他們是非常耗時的。我寧願爲John the Ripper 找到一個更好的KoreLogic的規則,將John the Ripper 的輸出管道到oclHashcat-plus。正如我所說,oclHashcat-plus能夠破解的密碼最多15個字符。出於這個原因,我不得不通過“--stdout”選項限定每一次所產生的單詞長度。如果你擁有一個非常快速的GPU可以跳過下面的例子。
./john --wordlist=~/Wordlists/all.lst-rules:KoreLogicRulesPrependYears --stdout=10 | ./oclHashcat-plus64.bin -m 0~/hashes/md5_1 -o Ultimate_Crack/eNtr0pY_1 --remove
當然你也可以使用來自Korelogic創建的其他前置的規則,像KoreLogicRulesPrependNumNum,甚至更好的創建自己的規則!是時候從破解密碼的單詞表中生成字典來破解剩餘哈希值了。從eNtr0pY_1,使用以下命令我刪除了MD5哈希值。
cut -b34- eNtr0pY_1 >eNtr0pY_1.dic
通過使用上述製造的字典,大量MD5哈希值被這種指紋***破解。你可以閱讀更多關於馬丁博斯@purehate這種***,我向你保證,這個技術是非常成功的!
當然,你也可以使用hashcat-utils中的二進制文件以及每一個管道到oclHashcat-plus的輸出。
root@m3g9tr0n:~/oclHashcat-plus-0.08/hashcat-utils$ls
combinator.bin expander.bin gate.bin len.bin mp32.bin permute.bin prepare.bin req.bin splitlen.bin
使用John the Ripper破解密碼
測試完所有我收集的字典以及幾天後,是時候轉移到john the Ripper來破解密碼哈希值的剩餘部分...
我用的Magnum-ripper編譯OpenCL支持ATI / AMD顯卡,因爲我想用“--format=raw-md5-opencl參數”。相比“--format=raw-md5”,這是更快的方式爲它使用你的CPU和GPU。
與john the Ripper中使用的規則是:
wordlist
Single
NT
Extra
KoreLogicRulesAppendNumbersandSpecials_Simple
KoreLogicRulesAppend6Num
KoreLogicRulesPrependAndAppendSpecial
KoreLogicRulesAppendNumNum_AddSpecialEverywhere
KoreLogicRulesAppendNumNumNum_AddSpecialEverywhere
KoreLogicRulesL33t.
您可以下載這些規則,並將其添加到您的john.conf文件中:
http://paste2.org/p/2048517
http://paste2.org/p/2048512
現在,讓我們看到john the Ripper的一些例子...
使用--rules=Single:
./john --format=raw-md5-opencl--wordlist=../../Wordlists/all.lst --rules:Single ~/hashes/md5_1
哈希破解結果存儲在默認文件john.pot中。您可以使用cat,more,head和tail檢查它的內容。
root@m3g9tr0n:~/Tools/Password_Cracking/magnum-jumbo-OpenCL/run$tail -n 9 john.pot
$MD5$0fad81e7a61b47d387dde893fcf8e88a:anacarolinagu
$MD5$0f82fc9a81f5db07eb9289767390fd2b:fabulousfoodsu
$MD5$0e22933267b2e7df062703c4e5842029:fabuloustravelu
$MD5$0d40086a54fefe993c9816d1441672ac:modularhomeu
$MD5$0ed8181fc4d18e260dd8e36633124bfd:greenshoppingu
$MD5$0d6e8da4017ec5c384ac5536087da44d:lawofattractionu
$MD5$0eb916d3c6a66a32cedd4acc6edb1dbb:hotreportu
$MD5$0e241f99b5c13d56686ec618ab54d5fa:flightsandholidaysu
$MD5$0f3c99478362aae389d2cbf716394269:stthomasmoresu
To generate a wordlist from the john.pot file,you can use the following command.
要從john.pot文件生成從一個字典,可以使用下面的命令。
cut -d: -f 2- john.pot | sort -u >cracked.dic
生成的字典可以與上述規則相結合來破解哈希值。
當我使用oclHashcat-plus破解MD5哈希值時,我觀察到,一些生成的密碼被拒絕。這是因爲oclHashcat-plus有一個關於字符串長度的限制。出於這個原因,我管道hashcat的結果輸出到john the Ripper,並且在john the Ripper中更好的使用hashcat規則。
./hashcat-cli64.bin --stdout~/Wordlists/d3ad0ne.dic -r rules/best64.rule | ./john --format=raw-md5-opencl--stdin ~/hashes/md5_1
嘗試所有字典與上述規則相結合後,是時候使用john the Ripper進行暴力破解破解。不幸的是,john the Ripper暴力破解***時不使用掩碼***以產生密碼。我們有基於包含在破解的密碼來創建我們自己的字符集john.pot。
./john --make-charset=eNtr0pY.chr
Loaded 7948325 plaintexts
Generating charsets... 1 2 3 4 5 6 78 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 DONE
Generating cracking order... DONE
Successfully written charset file:eNtr0pY.chr (95 characters)
你們中許多人會想知道“DONE 31”......這僅僅是因爲我編譯john the Ripper用31個字符長度。默認情況下,john the Ripper被編譯爲8個字符長度的支持,所以最好通過修改頭文件params.h中的以下行來改變,它位於john the Ripper的scr文件夾中。
#define CHARSET_MIN ' '
#define CHARSET_MAX 0x7E
#define CHARSET_SIZE (CHARSET_MAX - CHARSET_MIN+ 1)
#define CHARSET_LENGTH 8 //更改爲31或者你期待的值
最後,在john.conf中你必須包括您所創建的字符集,以如本例中規定:
# Incremental modes
[Incremental:eNtr0pY]
File = $JOHN/eNtr0pY.chr
MinLen = 0
MaxLen = 31
CharCount = 95
Now it is time to use bruteforce attackswith our own charstet!
現在是時候用我們自己的字符串來進行暴力破解***!
./john --format=raw-md5-opencl--incremental=eNtr0pY ~/hashes/md5_1
如果你查看john.conf,你會看到一些暴力破解***模式分爲外部。這些都是雙重的,帶鍵盤(使用從鍵盤字符產生的相鄰組合),KnownForce,日期時間,重複,順序,亞羣和DumbForce爲瘋狂的密碼格式。
./john --format=raw-md5-opencl--external=DumbForce ~/hashes/md5_1
在這裏提供的dict2hash.pl腳本幫助下,我們也喜歡破解雙重MD5哈希值。
perl dict2hash.pl < rockyou.txt | ./john--format=raw-md5-opencl --stdin ~/md5_1
在這裏,您可以看到與john the Ripper破獲MD5值的一些示例:
http://pastebin.com/uaGFXkBA
http://pastebin.com/LT5Gda9L
Personally, I believe a password like"$MD5$0b26a0faf1344d6e772bf55628e10e29:n34=mn { .clipboard $me }" isimpossible to crack with bruteforce attacks.
Note: All the abovementioned techniques canbe used with oclHashcat-plus by defining -m 100 and with John the Ripper bydefining --format=raw-sha1-opencl for SHA1 cracking with OpenCL!
就個人而言,我相信密碼像“ $ MD5 $ 0b26a0faf1344d6e772bf55628e10e29:N34 = {MN $.clipboard$me} ”是不可能使用暴力破解***來破解。
注:所有上述技術可以在oclHashcat-plus定義參數“-m 100”使用,john the Ripper定義“--format=raw-sha1-opencl”使用OpenCL破解SHA1
密碼分析
最後,值得一看的分析使用pipal(密碼分析者)從破解結果中收集的樣本。
root@m3g9tr0n:~/pipal$ ruby1.9.1 pipal.rb \
-o eNtr0pY_1~/Wordlists/Ultimate/Part1/eNtr0pY_5.dic
Total entries = 759103
Total unique entries = 758299
Top10 passwords
niezgadniesz123 = 3 (0.0%)
ubqu = 3 (0.0%)
amonys = 3 (0.0%)
centralitie = 3 (0.0%)
bobydu = 3 (0.0%)
hanghuynh = 3 (0.0%)
hmadyousi = 3 (0.0%)
matthewperman = 3 (0.0%)
shadowninja2 = 3 (0.0%)
lhz4 = 3 (0.0%)
Top10 基本密碼
august = 219 (0.03%)
july = 205 (0.03%)
april = 199 (0.03%)
june = 195 (0.03%)
march = 165 (0.02%)
alex = 161 (0.02%)
love = 132 (0.02%)
chris = 130 (0.02%)
daniel = 128 (0.02%)
dragon = 122 (0.02%)
密碼長度(以長度進行排序)
1 = 13 (0.0%)
2 = 103 (0.01%)
3 = 1332 (0.18%)
4 = 16781 (2.21%)
5 = 19831 (2.61%)
6 = 95800 (12.62%)
7 = 202414 (26.66%)
8 = 158562 (20.89%)
9 = 103855 (13.68%)
10 = 75652 (9.97%)
11 = 46023 (6.06%)
12 = 24997 (3.29%)
13 = 8423 (1.11%)
14 = 3772 (0.5%)
15 = 1560 (0.21%)
密碼長度(以計數排序)
7 = 202414 (26.66%)
8 = 158562 (20.89%)
9 = 103855 (13.68%)
6 = 95800 (12.62%)
10 = 75652 (9.97%)
11 = 46023 (6.06%)
12 = 24997 (3.29%)
5 = 19831 (2.61%)
4 = 16781 (2.21%)
13 = 8423 (1.11%)
14 = 3772 (0.5%)
15 = 1560 (0.21%)
3 = 1332 (0.18%)
2 = 103 (0.01%)
1 = 13 (0.0%)
|
|
|
||
||
||
||
|||
||||
||||
|||||
|||||
||||||
||||||
|||||||||
|||||||||||||||||
00000000001111111
01234567890123456
Oneto six characters = 133854 (17.63%)
One to eight characters = 494828 (65.19%)
More than eight characters = 264275(34.81%)
Onlylowercase alpha = 154996 (20.42%)
Only uppercase alpha = 14072 (1.85%)
Only alpha = 169068 (22.27%)
Only numeric = 119581 (15.75%)
First capital last symbol = 6088 (0.8%)
First capital last number = 73611 (9.7%)
Months
january = 109 (0.01%)
february = 45 (0.01%)
march = 247 (0.03%)
april = 251 (0.03%)
may = 850 (0.11%)
june = 246 (0.03%)
july = 223 (0.03%)
august = 300 (0.04%)
september = 80 (0.01%)
october = 134 (0.02%)
november = 113 (0.01%)
december = 115 (0.02%)
Days
monday = 59 (0.01%)
tuesday = 20 (0.0%)
wednesday = 7 (0.0%)
thursday = 38 (0.01%)
friday = 46 (0.01%)
saturday = 7 (0.0%)
sunday = 70 (0.01%)
Months (Abreviated)
jan = 1482 (0.2%)
feb = 249 (0.03%)
mar = 8397 (1.11%)
apr = 692 (0.09%)
may = 850 (0.11%)
jun = 889 (0.12%)
jul = 1051 (0.14%)
aug = 785 (0.1%)
sept = 215 (0.03%)
oct = 512 (0.07%)
nov = 821 (0.11%)
dec = 874 (0.12%)
Days (Abreviated)
mon = 4319 (0.57%)
tues = 28 (0.0%)
wed = 217 (0.03%)
thurs = 44 (0.01%)
fri = 758 (0.1%)
sat = 769 (0.1%)
sun = 1018 (0.13%)
Includes years
1975 = 411 (0.05%)
1976 = 388 (0.05%)
1977 = 446 (0.06%)
1978 = 432 (0.06%)
1979 = 441 (0.06%)
1980 = 541 (0.07%)
1981 = 453 (0.06%)
1982 = 519 (0.07%)
1983 = 533 (0.07%)
1984 = 603 (0.08%)
1985 = 585 (0.08%)
1986 = 616 (0.08%)
1987 = 710 (0.09%)
1988 = 641 (0.08%)
1989 = 941 (0.12%)
1990 = 931 (0.12%)
1991 = 995 (0.13%)
1992 = 935 (0.12%)
1993 = 905 (0.12%)
1994 = 907 (0.12%)
1995 = 4021 (0.53%)
1996 = 858 (0.11%)
1997 = 486 (0.06%)
1998 = 443 (0.06%)
1999 = 416 (0.05%)
2000 = 1024 (0.13%)
2001 = 643 (0.08%)
2002 = 586 (0.08%)
2003 = 1132 (0.15%)
2004 = 1254 (0.17%)
2005 = 796 (0.1%)
2006 = 818 (0.11%)
2007 = 1442 (0.19%)
2008 = 1019 (0.13%)
2009 = 742 (0.1%)
2010 = 767 (0.1%)
2011 = 516 (0.07%)
2012 = 925 (0.12%)
2013 = 165 (0.02%)
2014 = 142 (0.02%)
2015 = 146 (0.02%)
2016 = 118 (0.02%)
2017 = 139 (0.02%)
2018 = 131 (0.02%)
2019 = 172 (0.02%)
2020 = 179 (0.02%)
Years (Top 10)
1995 = 4021 (0.53%)
2007 = 1442 (0.19%)
2004 = 1254 (0.17%)
2003 = 1132 (0.15%)
2000 = 1024 (0.13%)
2008 = 1019 (0.13%)
1991 = 995 (0.13%)
1989 = 941 (0.12%)
1992 = 935 (0.12%)
1990 = 931 (0.12%)
Colours
black = 485 (0.06%)
blue = 549 (0.07%)
brown = 184 (0.02%)
gray = 89 (0.01%)
green = 348 (0.05%)
orange = 125 (0.02%)
pink = 262 (0.03%)
purple = 73 (0.01%)
red = 2974 (0.39%)
white = 179 (0.02%)
yellow = 85 (0.01%)
violet = 63 (0.01%)
indigo = 22 (0.0%)
Single digit on the end = 92080 (12.13%)
Two digits on the end = 87587 (11.54%)
Three digits on the end = 103715 (13.66%)
Last number
0 = 45407 (5.98%)
1 = 64764 (8.53%)
2 = 52570 (6.93%)
3 = 52890 (6.97%)
4 = 43719 (5.76%)
5 = 55185 (7.27%)
6 = 42826 (5.64%)
7 = 46169 (6.08%)
8 = 42475 (5.6%)
9 = 44930 (5.92%)
|
|
| ||
||||
|||| | | |
||||||||||
||||||||||
||||||||||
||||||||||
||||||||||
||||||||||
||||||||||
||||||||||
||||||||||
||||||||||
||||||||||
0123456789
Last digit
1 = 64764 (8.53%)
5 = 55185 (7.27%)
3 = 52890 (6.97%)
2 = 52570 (6.93%)
7 = 46169 (6.08%)
0 = 45407 (5.98%)
9 = 44930 (5.92%)
4 = 43719 (5.76%)
6 = 42826 (5.64%)
8 = 42475 (5.6%)
Last 2 digits (Top 10)
95 = 14675 (1.93%)
23 = 12192 (1.61%)
12 = 9230 (1.22%)
11 = 8214 (1.08%)
01 = 7606 (1.0%)
00 = 7131 (0.94%)
07 = 6295 (0.83%)
10 = 6182 (0.81%)
21 = 5881 (0.77%)
99 = 5868 (0.77%)
Last 3 digits (Top 10)
123 = 6857 (0.9%)
995 = 4122 (0.54%)
971 = 2916 (0.38%)
972 = 2850 (0.38%)
007 = 2514 (0.33%)
000 = 1868 (0.25%)
234 = 1725 (0.23%)
666 = 1465 (0.19%)
777 = 1389 (0.18%)
004 = 1347 (0.18%)
Last 4 digits (Top 10)
1995 = 3886 (0.51%)
1234 = 1379 (0.18%)
2007 = 1325 (0.17%)
2004 = 1121 (0.15%)
2003 = 1016 (0.13%)
2008 = 869 (0.11%)
2000 = 846 (0.11%)
1991 = 819 (0.11%)
2012 = 809 (0.11%)
1990 = 789 (0.1%)
Last 5 digits (Top 10)
12345 = 743 (0.1%)
23456 = 652 (0.09%)
54321 = 189 (0.02%)
23123 = 140 (0.02%)
56789 = 127 (0.02%)
34567 = 102 (0.01%)
11111 = 99 (0.01%)
45678 = 75 (0.01%)
00000 = 73 (0.01%)
88888 = 68 (0.01%)
US Area Codes
971 = Oregon: Metropolitan Portland,
Salem/Keizer area,
incl Cricket Wireless (OR)
972 = Texas: Dallas Metro (TX)
234 = NE Ohio: Canton, Akron (OH)
Character sets
loweralphanum: 330937 (43.6%)
loweralpha: 154996 (20.42%)
numeric: 119581 (15.75%)
mixedalphanum: 41121 (5.42%)
upperalphanum: 41078 (5.41%)
mixedalpha: 28464 (3.75%)
upperalpha: 14072 (1.85%)
loweralphaspecial: 10222 (1.35%)
loweralphaspecialnum: 5735 (0.76%)
mixedalphaspecial: 4724 (0.62%)
upperalphaspecial: 2939 (0.39%)
mixedalphaspecialnum: 2247 (0.3%)
specialnum: 648 (0.09%)
upperalphaspecialnum: 374 (0.05%)
special: 47 (0.01%)
Character set ordering
stringdigit: 349534 (46.05%)
allstring: 197532 (26.02%)
alldigit: 119581 (15.75%)
digitstring: 28873 (3.8%)
othermask: 18649 (2.46%)
stringdigitstring: 14577 (1.92%)
stringspecial: 10441 (1.38%)
digitstringdigit: 9981 (1.31%)
stringspecialstring: 5469 (0.72%)
stringspecialdigit: 3075 (0.41%)
specialstring: 834 (0.11%)
specialstringspecial: 510 (0.07%)
allspecial: 47 (0.01%)
Hashcat masks (Top 10)
?d?d?d?d?d?d?d: 85053 (11.2%)
?l?l?l?l?l?l: 38400 (5.06%)
?l?l?l?l?l?l?l?l: 36217 (4.77%)
?l?l?l?l?l?l?l: 35468 (4.67%)
?l?l?l?l?l?l?d?d?d: 24051 (3.17%)
?l?l?l?l?l?l?d?d: 18591 (2.45%)
?l?l?l?l?l?d?d?d: 18047 (2.38%)
?d?d?d?d?d?d: 16048 (2.11%)
?l?l?l?l?l?l?l?l?l: 14236 (1.88%)
?l?l?l?l?d?d?d: 13802 (1.82%)
結論
這是一個非常耗費時間和艱苦的工作,因爲我不擁有最快的顯卡。整個破解過程歷時約5個月來完成,因爲我必須完成我的CCNP認證學習。
從中學到的教訓是,一個好的智能詞典結合方便的規則,使用Hashcat或John the Ripper甚至可以破解強密碼。基於以上情況,管理員應該使用更強的哈希算法(加鹽)來存儲你的密碼,並在在定期的基礎上更改自己的密碼。
謝謝閱讀
你可以在推特上找到我, @m3g9tr0n.
下載
你可以下載破解的哈希結果值
721.9 MB -m3g9tr0n_122Million_Passwords_WordLists.zip
所提供的KoreLogic torrent文件包含了各種獨特的密碼哈希值。出於這個原因,你可能會在這些字典中發現重複的密碼,作爲一個單獨的密碼,可以使用各種算法來計算散列值!這意味着1.22億獨特的哈希值(MD5,SHA1,雙MD5等)被破解,結果中有8億3600萬個獨特的密碼。
您也可以下載“都在一個”版本,乾淨和分類:
270.2 MB -m3g9tr0n_Passwords_WordList_CLEANED.zip
export LC_ALL='C' && cat * | sort |uniq > eNtr0pY_ALL_sort_uniq.dic
參考:
hashcat Wiki [ http://hashcat.net/wiki/ ]
John the Ripper Wiki [http://openwall.info/wiki/john ]