Thursday, July 30, 2020

Password cracking basics using John The Ripper and hashcat.


The first bit of any password cracking job is to locate the hashes and determine what they are. In this case, we'll suppose you found an ancient UNIX box with a DEScrypt hash (in fact generated here https://unix4lyfe.org/crypt/ ), but the same technique applies to anything.

This is the file in question:

root@greyarea:~# cat DES.txt
root:SIn0L7jHFHvM2

So John The Ripper will happily have a guess at the type of hash for you. In this case it gets it right, though it also offers the GPU-accelerated version (descrypt-opencl) as another option.

It will try a default dictionary and default rules (append 1, append 123, append 1!, append 123!, etc.), which means it's technically a hybrid attack rather than brute-force (try everything) or dictionary (no rules).

root@greyarea:~# ./john-1.9.0-jumbo-1/run/john DES.txt
Warning: detected hash type "descrypt", but the string is also recognized as "descrypt-opencl"
Use the "--format=descrypt-opencl" option to force loading these as that type instead
Using default input encoding: UTF-8
Loaded 1 password hash (descrypt, traditional crypt(3) [DES 256/256 AVX2])
Will run 2 OpenMP threads
Proceeding with single, rules:Single
Press 'q' or Ctrl-C to abort, almost any other key for status
Almost done: Processing the remaining buffered candidate passwords, if any.
Warning: Only 268 candidates buffered for the current salt, minimum 512 needed for performance.
Proceeding with wordlist:./john-1.9.0-jumbo-1/run/password.lst, rules:Wordlist
password         (root)
1g 0:00:00:00 DONE 2/3 (2020-07-30 09:41) 1.960g/s 18117p/s 18117c/s 18117C/s 123456..nutmegs
Use the "--show" option to display all of the cracked passwords reliably
Session completed

You can see it got the password pretty quickly.

To do the same in hashcat, we need to give it some parameters: the hash type (-m 1500 is DEScrypt; see https://hashcat.net/wiki/doku.php?id=example_hashes ), a basic dictionary and some basic rules.
--username tells it that each line is username:hash rather than a bare hash. -O tells it to use the optimised kernel if there is one.

root@greyarea:~# ./hashcrack/hashcat-6.0.0/hashcat64.bin -m 1500 DES.txt -a0 /root/dict/Top95Thousand-probable.txt -r /root/hashcrack/rules/best64.rule  --username -O
hashcat (v6.0.0) starting...

Kernel /root/hashcrack/hashcat-6.0.0/OpenCL/m01500_a0-optimized.cl:
Optimized kernel requested but not needed - falling back to pure kernel

* Device #2: Outdated POCL OpenCL driver detected!

This OpenCL driver has been marked as likely to fail kernel compilation or to produce false negatives.
You can use --force to override this, but do not report related errors.

CUDA API (CUDA 10.2)
====================
* Device #1: GeForce GTX 1080 Ti, 8312/11176 MB, 28MCU

OpenCL API (OpenCL 1.2 pocl 1.2 None+Asserts, LLVM 6.0.1, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
=====================================================================================================================
* Device #2: pthread-AMD A6-9500 RADEON R5, 8 COMPUTE CORES 2C+6G, skipped

OpenCL API (OpenCL 1.2 CUDA 10.2.185) - Platform #2 [NVIDIA Corporation]
========================================================================
* Device #3: GeForce GTX 1080 Ti, skipped

Kernel /root/hashcrack/hashcat-6.0.0/OpenCL/m01500_a0-optimized.cl:
Optimized kernel requested but not needed - falling back to pure kernel

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 8

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 77

Applicable optimizers:
* Zero-Byte
* Not-Iterated
* Single-Hash
* Single-Salt

Watchdog: Temperature abort trigger set to 90c

Host memory required for this attack: 555 MB

Dictionary cache hit:
* Filename..: /root/dict/Top95Thousand-probable.txt
* Passwords.: 94983
* Bytes.....: 821551
* Keyspace..: 7313691

Approaching final keyspace - workload adjusted.

SIn0L7jHFHvM2:password


Now if you want to do a brute-force attack instead, we can ask hashcat to check all the possible answers*. (OK, this next bit includes only ASCII characters; handling non-ASCII is a different blog post.)

Below, we use -a3 for the mask attack mode, give it a mask of 8 x '?a', and add the -i (increment) parameter, which together mean "check passwords made of all printable characters (?a) from length 1 to 8". That is, try ?a first, then ?a?a, then ?a?a?a, and so on.

root@greyarea:~# ./hashcrack/hashcat-6.0.0/hashcat64.bin -a3 -m 1500 dcvSDktRof5iI ?a?a?a?a?a?a?a?a -i
hashcat (v6.0.0) starting...

* Device #2: Outdated POCL OpenCL driver detected!

This OpenCL driver has been marked as likely to fail kernel compilation or to produce false negatives.
You can use --force to override this, but do not report related errors.

CUDA API (CUDA 10.2)
====================
* Device #1: GeForce GTX 1080 Ti, 8312/11176 MB, 28MCU

..

Session..........: hashcat
Status...........: Exhausted
Hash.Name........: descrypt, DES (Unix), Traditional DES
Hash.Target......: dcvSDktRof5iI
Time.Started.....: Thu Jul 30 09:54:48 2020 (0 secs)
Time.Estimated...: Thu Jul 30 09:54:48 2020 (0 secs)
Guess.Mask.......: ?a?a?a [3]
Guess.Queue......: 3/8 (37.50%)
Speed.#1.........: 11572.7 kH/s (0.90ms) @ Accel:1 Loops:1024 Thr:64 Vec:1
Recovered........: 0/1 (0.00%) Digests
Progress.........: 857375/857375 (100.00%)
Rejected.........: 0/857375 (0.00%)
Restore.Point....: 9025/9025 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-95 Iteration:0-1024
Candidates.#1....: sO} ->   ~
Hardware.Mon.#1..: Temp: 84c Fan: 67% Util:100% Core:1607MHz Mem:5005MHz Bus:8

dcvSDktRof5iI:abcd

Now, this tends not to be so useful, because it is searching a much larger space than our previous hybrid attack, but it can be sensible for some very fast hashes such as MD5 and NTLM.
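To see why the hybrid run finished instantly while a full ?a x 8 mask does not, here is the keyspace arithmetic as an added example (not code from the post or from hashcat). It assumes hashcat's built-in charset sizes and the 11572.7 kH/s speed printed in the -a3 status above; the figures it reproduces (7313691, 9025, 857375) are the ones in the output.

```python
# Keyspace and run-time arithmetic behind the hashcat runs above. Added
# example, not from the post or hashcat; charset sizes are hashcat's built-in
# ones, and the speed is the 11572.7 kH/s the -a3 run printed.

CHARSET_SIZES = {"l": 26, "u": 26, "d": 10, "s": 33, "a": 95}  # ?l ?u ?d ?s ?a

def mask_positions(mask):
    """Split a mask into per-position tokens: '?a?d-' -> ['?a', '?d', '-']."""
    tokens, i = [], 0
    while i < len(mask):
        if mask[i] == "?":
            tokens.append(mask[i:i + 2])   # '?a' (or '??' for a literal '?')
            i += 2
        else:
            tokens.append(mask[i])         # literal character, one choice
            i += 1
    return tokens

def mask_keyspace(mask):
    """Candidates a single mask generates: product of the charset sizes."""
    total = 1
    for tok in mask_positions(mask):
        if tok.startswith("?") and tok != "??":
            total *= CHARSET_SIZES[tok[1]]
    return total

def increment_keyspace(mask, min_len=1):
    """Total work under -i: the mask is run at every length min_len..full."""
    toks = mask_positions(mask)
    return sum(mask_keyspace("".join(toks[:n])) for n in range(min_len, len(toks) + 1))

def hybrid_keyspace(words, rules):
    """-a0 with -r: every wordlist entry goes through every rule."""
    return words * rules

def seconds_to_exhaust(keyspace, hashes_per_second):
    """Worst-case time to try every candidate at a measured rate."""
    return keyspace / hashes_per_second

if __name__ == "__main__":
    rate = 11_572_700                       # 11572.7 kH/s from the -a3 status
    print("hybrid, 94983 words x 77 rules:", hybrid_keyspace(94983, 77))
    # descrypt only uses the first 8 characters, so ?a x 8 with -i is the
    # whole printable-ASCII space it can tell apart.
    for n in range(1, 9):
        ks = mask_keyspace("?a" * n)
        print(f"?a x {n}: {ks:>20,} candidates, {seconds_to_exhaust(ks, rate) / 86400:10.2f} days")
```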

Monday, June 8, 2020

Mucking about with n-grams


I grabbed some of these from Google. First off, we grab each file, zcat it, keep only the recent-ish (post-1960) rows, and only keep entries with actual letters in them.

for i in $(seq 1 399); do
    echo "$i"
    f="googlebooks-eng-gb-all-4gram-20090715-$i.csv.zip"
    wget "http://storage.googleapis.com/books/ngrams/books/$f"
    # Columns are: ngram, year, match_count, page_count, volume_count.
    # Keep ngram and year, drop anything before 1960, keep the ngram only,
    # drop rows with no letters, then de-duplicate while keeping order.
    zcat "$f" \
        | cut -f 1,2 \
        | grep -P '\t(199|198|197|196|20)' \
        | cut -f 1 \
        | grep -P '[A-Za-z]' \
        | awk '!x[$0]++' > "$i.txt"
    rm -f "$f"
done


Then I used this ruleset, passphrase.rule, in conjunction with "normal" rules.

:
s *
s $
s %
s -
s _
s =
s %
s ,
s &
s "
s #
s @
s .
s ,
s /
s !
@ 
E
Es -
Es ,
Es _
Es =
Es %
Es ,
Es &
Es "
Es #
Es @
Es .
Es /
E@ 
Es !
c
u
C
@ c
@ C
@ u
s - e-
s . e.
s _ e_
s / e/
s , e,

Getting some fairly pleasing stuff like "Intheworkgroup1."
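As an added example (not the post's or hashcat's code), here is a small interpreter for just the rule functions passphrase.rule uses, so you can see what each line does to a space-separated n-gram. The n-gram "in the work group" is a constructed sample, and the semantics follow hashcat's documented rule functions (: sXY @X E eX c u C).

```python
# Minimal interpreter for the hashcat rule functions used in passphrase.rule
# above (: s @ E e c u C). Added example, not hashcat's or the post's code.

NO_ARG = set(":EcuC")                 # functions that take no argument
ARG_COUNT = {"@": 1, "e": 1, "s": 2}  # functions followed by literal chars

def parse_rule(rule):
    """Split a rule line into (function, args) pairs. Argument characters
    are taken literally, so the space in 's *' or '@ ' is the space being
    replaced or purged; spaces *between* functions ('Es -', '@ c') are skipped."""
    ops, i = [], 0
    while i < len(rule):
        ch = rule[i]
        if ch == " ":
            i += 1
        elif ch in NO_ARG:
            ops.append((ch, ""))
            i += 1
        elif ch in ARG_COUNT:
            n = ARG_COUNT[ch]
            args = rule[i + 1:i + 1 + n]
            if len(args) < n:          # e.g. a bare '@' whose space got lost
                raise ValueError(f"rule {rule!r}: {ch} needs {n} char(s)")
            ops.append((ch, args))
            i += 1 + n
        else:
            raise ValueError(f"unsupported rule function {ch!r}")
    return ops

def title_case(word, sep=" "):
    """E / eX: lower-case all, upper-case the first letter and each one after sep."""
    out, upper_next = [], True
    for ch in word.lower():
        out.append(ch.upper() if upper_next else ch)
        upper_next = ch == sep
    return "".join(out)

def apply_rule(rule, word):
    """Run every function of one rule line over a candidate, left to right."""
    for fn, args in parse_rule(rule):
        if fn == "s":   word = word.replace(args[0], args[1])   # sXY replace
        elif fn == "@": word = word.replace(args, "")           # @X purge
        elif fn == "E": word = title_case(word)
        elif fn == "e": word = title_case(word, args)
        elif fn == "c": word = word[:1].upper() + word[1:].lower()
        elif fn == "u": word = word.upper()
        elif fn == "C": word = word[:1].lower() + word[1:].upper()
    return word
```

apply_rule("@ c", "in the work group") gives "Intheworkgroup", the shape of the "pleasing" output above before the normal rules append their suffixes.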

Tuesday, January 7, 2020

Checking on Rule Utility


Currently churning through a bunch of rules to see if they're as good as I hope they are. (If you aren't measuring it, it might just be wishful thinking.)

So, run hashcat with --debug-mode=4 --debug-file=foo and make sure you have an empty pot file if you want representative data (hashes already in the pot file are skipped, so the rules never get exercised against them).

Post process with this:

#!/usr/bin/perl
# Count how often each rule appears in a hashcat --debug-mode=4 file.
# Debug-mode 4 lines look like: original_word:rule:processed_word
use strict;
use warnings;

my %f;

while (my $line = <STDIN>)
{
    chomp($line);

    # Keep just the middle field, the rule that produced the crack.
    # Lines that don't match the format are counted as they are.
    if ($line =~ m/^([^:]+):(.+):([^:]+)$/) {
        $line = $2;
    }

    $f{$line}++;
}

# Most frequent rules first; rules that only cracked one hash are dropped.
foreach my $rule (sort { $f{$b} <=> $f{$a} } keys %f) {
    if ($f{$rule} > 1) {
        printf "%s,%s\n", $rule, $f{$rule};
    }
}

Running the debug file through it gives you one "rule,occurrences" line per rule. Then you can plot log_10 of the frequencies and see which ones are actually any use.

This is provisional data; it looks like a decent run will take a week or two...
(HIBP data, Top258Million-probable.txt dict)