Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 16 Oct 2020 00:56:39 +0200
From: magnum <>
Subject: How to attack's md5crypt "left" list

Here's an interesting exercise:

Download all not-yet-cracked md5crypt hashes from (pick md5crypt from "left lists").

At first I had the idea they would all be virtually uncrackable but many 
of them are as trivial as simply using our default tiny wordlist + 
rules.  There are over 14 million hashes, presumably attacked by a bunch 
of enthusiasts (some fairly experienced I'd presume) for quite some time 
(years), but never cracked.  However, the sheer number of salts was 
likely prohibitive and most script-kiddies don't have the slightest clue 
recognizing that, let alone how to attack it.

For example, if we can test 768 candidates per batch (eg. AVX2 running 8 
threads) and just as a ballpark example: As it takes a millisecond to 
test that batch for a single salt, trying that little batch against 12.6 
million salts would take 3 1/2 hours.  Not a good way to get somewhere.

So here's the way to do it.  Find dupe salts!

$ perl < md5crypt.txt -C0 -ne 'm/\$1\$([^\$]+)\$/; $l{$1}++; END { 
foreach $k (sort { $l{$b} <=> $l{$a} } (keys(%l))) { last if $l{$k} < 2; 
print $k, "\t(", $l{$k}, ")\n"; } }' | head
10a45ndj        (14863)
/ElmJTc/        (768)
ylUxT0Hc        (718)
OzCQggdn        (696)
ly6NWOAJ        (685)
15OWfSYp        (677)
PKPOrMhD        (675)
yfZGygxZ        (665)
4BPpE15m        (664)
qsmGo59F        (648)

Wow. 14,863 same-salts, you've gotta love that! So how do we exploit 
this using JtR?  Simple, just use eg. option "--salts=1000". What this 
means is "only load salts that have at least 1,000 hashes".  Per the 
above, only the one salt with over 14,000 hashes will be loaded. 
Unexperienced users that banged their head over this dataset before will 
now be amazed at what speed we can attack (part of) it, because the 
speed of a single salt is (naturally) the speed of an unsalted format.

If you happen to end up using --salts=400 instead (I did), you will load 
about 110,000 hashes but only 192 different salts.  What does that mean 
again?  It means you will attack 110,000 hashes, but at the speed of 
attacking a mere 192 hashes.  Recent builds of Jumbo will show the 
boost, such as "Remaining 109476 password hashes with 192 different 
salts (570.2x same-salt boost)".  Picture that, it's like having a GPU 
while you run a mediocre CPU.  Now, picture doing this while actually 
**running** on a GPU.  That's where fun begins.

I cracked about a thousand hashes in a single hour, using the very most 
basic first steps.  I wont submit them so I encourage you to do so. 
Now, practice, young Jedi!


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.