
Welcome to ground one two three four. I'm your host, Livebox, here to present Royce Williams with Password Cracking, not 101, but 201: Beyond the Basics. The floor is yours.

Thank you. Well, technology moves fast; this slide's already outdated. There's only seven cats in this chassis, and I'm told they're working on eight-, nine-, ten-cat chassis, so yeah, it's hard to keep up. Password Cracking 201: we'll do a little bit of 101, I'll try to be kind of a speed run through that. We'll talk a bit about me, a little bit about you, the various kinds of people that find themselves in this line of work, I guess you could say. Then some 101, some things that naturally or artificially constrain cracking, some core attacks, a little beyond core, some common pitfalls, bootstrap tips, a little bit of cultural stuff too, and then questions.

Disclaimers are pretty self-explanatory. This is just sort of observed; I'm almost more like a sociologist in the password field. I'm not a lawyer, this is not legal advice. Things can be different in different parts of the world, different companies, so use your best judgment, consult with your attorney if you need to. And I gloss over some of the details, so some of the world-class experts in the room, who I might not recognize on sight, might be a little bit impatient; hold your corrections for the end, please.

I'm currently in the financial sector. I came from an ISP background, 12 or 13 years' worth in Alaska, so interesting challenges, a lot of latency. I do some independent security research, and I enjoy long keyboard walks on the beach. Good, see, all right, see, you're all ready for 201. All right.

Okay, so I'm kind of a taxonomist by birth, and so I sat and tried to think of all the different kinds of people, kinds of things that happen in the password cracking world. It's pretty obvious from the list: you're probably at least one of these, maybe more, and there's, you know, white hat and black hat variants of all of the above. It's good to look outside your swimlane a little bit to learn from the other disciplines, or sub-disciplines you might say, of password cracking. It's important to try to think about what they were trying to accomplish instead of just mimicking what they do, so I'll try to touch on some of that a little bit here today. What they almost all have in common is the clock, all right? You've got to do it in a certain amount of time: pentester, competition, got something else you're supposed to be doing that day, trouble tickets, you know, whatever. So there's a lot to be learned there from each other. Competition is a specifically interesting genre, because in the pressure of the gamification of it, it's exciting, like you're motivated to learn. It's one of the best ways to get started.

Yeah, some disciplines don't really share, and that's kind of true for a lot of password cracking stuff; you kind of get little hints and rumors of things. But in some ways I think it should be professionalized. That's kind of a topic for a future talk: bring some of that out into the light, compare notes, common body of knowledge, that kind of thing. But for now all we can do is observe what we can see from here. And I over-taxonomized as I was thinking about it: some interesting questions that you can ask about various crackers to sort of cleave the dichotomies, key to what kind of cracker you are. Who owns the hash? It's an interesting question. Is it the user? Is it the company? In some cases it's the same: it's your own box. In other cases, if the hashes are stolen, whose rights are violated? Who's going to be mad about that? That kind of thing. And obviously there's a lot of question marks here, because I haven't filled it all out yet, but there's some interesting ways to distinguish, and I think we can learn a lot from those.

So you're here because you want to learn more about cracking passwords. Seems reasonable. But more broadly, to do it in a way that sort of informs your own progress; you want to be able to do it
sort of a little less casually, if that makes sense, under your own power. I also assume that you've got some kind of cracking software. It's pretty easy these days with some of the fully open source ones. Until I started research I actually hadn't really heard of DaveGrohl as a password cracking suite; that's one of the three that are fully open source. Some are free but not open, and, interestingly, a lot of the commercial packages are actually open source under the hood. That's often true for a lot of projects: L0phtCrack recently released 7, which is actually John the Ripper under the hood; Tableau Password Recovery is Passware's forensic kit inside; and Sagitta's Hashstack is actually a commercial fork of hashcat now, and it has an API and full distributed processing and stuff. But if you have been in circumstances where all you've been doing is commercial, I recommend open source. There's a lot of innovation happening there; there's a great sort of opportunity for a training ground, learning things that you wouldn't learn on the software you've got. There's not a lot of gloss, there's not a lot of GUI, there's some overlays, but I recommend learning how to drive a stick before going automatic. Play with the command line, pipe things to each other, get a feel for how it feels on the road, so to speak. And also, if you're using one of the packages that has open source under the hood and you see a feature show up in the open source version, you can kind of prep the vendor in advance and say, hey, this is coming down the pipe, when are you going to integrate this with your GUI? Sometimes they don't even know; you might find out first, and it might be something you're really interested in for your use case.

We assume you have hashes. I don't really talk here about how to get them, other than John the Ripper has a lot of tools for converting them into formats that both John and hashcat can use; hashcat tells people, go use the John the Ripper tools, because they're slick. And yes, these are all real hashes. They're all pretty easy, a little puzzle if you want to download the slides later; I don't recommend copying them down, though. And this is, to be clear, distinguished from the online attack, you know, hitting a web front end: offline means you've already got the hashes in hand and you can do something in bulk, locally, offline, in your own time. I also assume that you know the basics of password storage: they're not really stored, they're hashed, they're in a format that you can't get back out without a lot of additional work; the difference between salted and unsalted. I assume that you already have some grounding in that. Some hashes are slow, take a lot of work; some are fast, good for the attacker, bad for the defender when they're fast. And yeah, if you catch anyone saying they're decrypting or de-hashing hashes, just stop that right now. It completely violates the fundamental understanding of what hashing is. It's a one-way trapdoor function; you can't get there from here, you're not de-anything.

I'll also assume you know most of the basic modes: rules, combinator, masks, brute force, which has really largely been replaced by masks these days. And the nature of the masks and the brute force type work isn't aaaa; it's based on character frequency per position in the word, so it's very efficient at making really good, you know, English-looking guesses, if it's, like, based on RockYou, which most of the default packages do base their Markov on. And you know a little bit about psychology; you're all users of passwords, right? Human memory is finite. So if you're a chess master and I ask you to memorize this board, you can do it in pretty short order, because you have referents, and you could almost say pointers, to various patterns on the board. So once you're familiar with the domain, you have a competitive advantage, so to speak. But if I throw this board at a chess master, they will perform no better than a novice, because they have no chunking capacity to turn this into things that they could store temporarily in that window of five to nine memory slots that we on average have. That's the way password memorization works as well. People tie the things they know to chunks of stuff they already have stored. Here's our example: Kevin1963. And there was an earlier talk about entropy that I didn't get to attend, but I assume it's something along these lines, that real-world password entropy is not the same as, like, Shannon entropy, or the kind of thing where you get the score when you put it in your KeePass. There's specific chunks, and if you have a scheme it's even less than this, right? If you always use your kid's name, then you just rotate kids; you have to store even less, right? So people do that, and the attackers know it. And this is 101 stuff, but I just want to make sure that we have that covered. It's much less expensive than brute force. And so, just as a proof of concept, if you want to tackle that, download everybody's first names from Facebook as of 2010 (you know, there's been a lot of innovation in naming lately), and then tell hashcat, or whatever (I'm kind of hashcat-prone), that you're going to do a combinator attack, and you're going to, you know, drop case: that's the, apply the rule, left-hand side lowercase for every name that's in there, tack on four digits, wash, rinse, repeat. If you want to get fancy you could tell it 19 and 20, but in practice, for an attack like this, unless it's a super slow hash, if it's MD5, don't bother; it's not worth the trouble. It'll take more time to load everything up than to actually perform the activity.
Let's talk about some cracking constraints. You see, he's constrained, get it? That's right. So this is a long-running passwords conference thing with a cat theme, so I thought I'd go with that, try to make it a little bit on topic. Another big cracking constraint, the first one: physics, math, all right. This is actually stolen straight from Rob Graham's website; both this talk that he gave and the blog post are excellent. There's this wall, you might call it a brute force wall, that once you get to that point it becomes infeasible to just throw resources at the problem, or at least throwing resources at the problem is linear, right? You want to get twice as much, you put in twice as many GPUs or FPGAs or whatever. This is an exercise: I encourage being able to sort of fluidly do back-of-the-napkin sanity checking of the math yourself, so I just kind of threw this up here. You can see the progression of how many characters, and it's, you know, straight powers, 95 squared, and all the printable ASCII characters including space, until you get down to 95 to the 10th, which is 5.9 times 10 to the 19th, which is a lot. So, nice cross-check, you know, here's an example of a box with a hashcat benchmark: six GTX 1080s, nothing fancy, no overclocking, 149 billion hashes per second, which sounds respectable, right? But, oh, I forgot: in order to enable being able to sort of wash, rinse, repeat, do your own benchmarking, compare how much you think the attack is going to take to your current capabilities, because you could lose a GPU in the middle of the contest and that kind of thing, or you might have a buddy who's going to help you out, so all of a sudden you have twice as much capacity, what's my new benchmark, right? So you've got to be ready to do things like this. You can tell hashcat to output the benchmark and then pipe that straight into another script, say, okay, I know this attack is going to take this long, and I know my hardware is capable of this many calculations per second, here's how long it's going to take, so do I have enough time for that or not? And so the calculations are, you know, pretty stark there. Once you hit that, between nine and ten, you're talking about twelve years with, you know, what's like a four-grand box, roughly. And you might think, well, if you were the NSA or something, you could throw a lot more at it, right? But no, there is a point where it becomes sort of like heat-death-of-the-universe infeasible.

This is a Jeremy rant about people that have like twenty-five, thirty character random passwords in their KeePass, expecting that that's going to provide some additional padding. You know, if you don't know the math, yeah, you can err on the side of caution, but once you do know the math, it's very empowering to make decisions as a defender or as an attacker. So we're going to check: is he right? Is twenty way overkill? Well, this is the math; I stole it straight from Jeremy's Twitter rant: the ceiling of the log, in the base of the number of characters, times the number of seconds per year, as you see the math there. So if we assume just sixty-two characters, no specials, just upper, lower, number, and a hundred trillion hashes per second (like the Snowden quote a while back assumed a trillion per second for a well-heeled nation-state attacker), let's just go all out, let's say we want to last a hundred years and last against a hundred NSAs, so to speak: fourteen characters is all it takes. And if that seems counterintuitive to you, that's okay, right? I see some furrowed brows in the audience. The math doesn't lie, and until you can do the math reproducibly and compare the two in an objective way, you will be constrained in your ability as a password cracker to grapple with these problems. So I went to Wolfram Alpha. The nice thing about Wolfram Alpha, until you're ready to do the Python stuff, is you just type in totally normal-word things, you know, how many bushels in a peck, or, you know, how far is it to Argentina from here, and it does its best to kind of puzzle it out. So you can say, you know, given 95 characters, with just a little constraint, and you can really do some pretty sophisticated stuff with it until you know how to do it yourself on the command line or whatever.

So let's scale it back a little bit. Let's say only a hundred billion hashes per second, and we only want to last for a year. Let's assume we're using a 17,000-word Diceware-style dictionary: five words, that's it. And compared to that, which would you rather memorize? All right, now if you had the same capacity, you know, the 100, you would be like seven words or eight, something like that. But you get the idea that, as defenders, you can enable people to pick good passwords, as long as they don't have to grapple with some naive complexity requirements, which NIST has recently deprecated. You can enable people to choose good passwords they can actually remember. This is straight, you know, "correct horse battery staple" stuff; this should not be news to you guys. But if you're super concerned, well, I just learned recently from James Woo about Landauer's principle from physics, about the theoretical minimum energy to flip a single bit, and it's sort of an upper bound. I mean, this includes Moore's Law, this includes Ringworld Engineers-grade, we're going to suck in, you know, energy from another universe; maybe there's only so much you can do with the energy you have. If you take that into account, you assume, you know, galactic attackers, yeah, you'd have to go all the way to 35-character passwords, but that's the kind of extreme upper bound I'm just throwing up there as a contrast.

All right, some other cracking constraints. Speed of the hash: you have
no control over that when somebody gets popped, or you're in a corporate environment; that's all you've got to deal with. If it's a faster hash, you're lucky, you can do all sorts of cool experimental stuff, you can throw the whole kitchen sink at it. If it's a slow hash, you're kind of out of luck unless you already know something about the target. WPA2 is classic for that, for pentesters, right? Like, okay, it's a kids' charity in Wisconsin, so pull the street names from nearby, pull the words from the Chamber of Commerce nearby, you know, the Wikipedia article, common terms from social work. You have to throw a pretty specific set of the kitchen sink at it to really make any progress. And you've also got a single hash, right? When you've got like a billion hashes or whatever, you get a reasonable amount of progress, it's kind of bolstering, it's kind of fun, right? But then you kind of hit a wall at some point. But when you've only got one, it's all about the numbers at that point. And then the password requirements: if it's corporate, or if it's, you know, in some cases the default on certain APs conforms to a certain pattern (it may generate it for you, but it conforms to certain patterns), and if you didn't know what they were and you were just looking at the results of your first cracking run, you'd pretty quickly discern it. Like, if you tell it to just incrementally start at brute force one character, two characters, three characters, and nothing happens for a little while, and then all of a sudden at seven characters it starts spewing, you know the minimum, right? You don't have to worry about any other attacks that require six or less.

Other things that constrain you: what the software's capable of, the things that you know how to do, and how much energy you have. That's important to conserve in some of these contexts, if you're, you know, doing a contest or whatever. It was Einstein who had all the same-colored suits in his closet; he didn't want to burn the energy on making that decision, because he knew he had a finite amount of decision-making power for the day, and there's been some studies to support that. So, yeah, the more that you can kind of script in advance, train in advance, drill, the better off you'll be when the time comes. Some other constraints: your own, you know, how much budget you have for GPUs and that kind of thing; your command line fu, or Excel, or whatever your poison of choice is. You need to be able to take lists of things and turn them into other things and strip out stuff and split based on a character, and a variety of... so you're not going to know in advance necessarily; there's a sample there, right? If it's corporate, you kind of know, you know, that kind of thing, but the more you can do to up that game, the better off you'll be. So if you don't have some command line fu, that's a great place to start growing some. Your ability to acquire inputs, that's not as hard as it might seem; we'll talk about that later. And then, oh look, here's a new contest, oh, I've got to go do all my stuff and look up those command line syntaxes for hashcat. And yeah, you can script all that, and, you know, hashcat has some arcane ones, 0 is MD5, and you have to just memorize that or grep the man page, but you can script some of that, so you can make the decisions, you can pick the ones that you use most often without having to remember that kind of stuff.

There's some platform considerations. Looks like a pretty open platform. Some quick stuff, a grab bag of OS hints; it's showing, and it shouldn't be too surprising: latest drivers. I see a lot of people trying to use Kali; don't. Or they're using Kali in a VM, they want to run hashcat, the hashcat that was bundled with Kali: don't use the native OS package, use the native, you know, hashcat, John, MDXfind (I think that's Windows only). The OpenCL implementation in Kali is flaky; I'm not a developer, but I've just observed people getting whacked, politely, for trying, and it's understandable, right? It's a natural thing to want to do, so there's some coordination with upstream and downstream that needs to happen. So definitely use the ones that are straight from the source and not the package-delivered ones. Well, you kind of need both; keep them both in your back pocket, because there'll be new features versus bugginess, depending on how important that run is versus what feature you need that just showed up last week. The reference cards from Nvidia are excellent; they're very hardy. I take that on advisement from some people who buy them in extreme bulk, and they run like tanks. You can buy used, and it's like Subarus in Alaska, they really hold their value, right. And clock speeds: a little bit of contention about that. I lock mine at 80% after somebody suggested that, because when you look at the stress on the fans, running it at 100% you get not a lot more cooling for a lot more stress on the hardware.

Open source has some great advantages. No caps, right? A lot of these commercial packages, you've got to pay X amount to get Y hashes as a target. It's scriptable, standard in, standard out, and there's a lot of magnum, there's a lot of John development, and a lot of hashcat development, and so there's a lot of synchronization there; they coordinate to make sure that when they add new rules, they pick something that's not in each other's namespace, and they match, they try hard to make it as compatible as possible within reason, and you can contribute yourself. But commercial has these advantages, right? GUI is big if you've just got something else you need to do; that's great. Then if you want to tinker a little bit in your off time to try to shore up those skills and learn some techniques from the other side of the fence, I highly recommend it, and you can try some of them out, you know, look at a 30-day trial or whatever. Like I said earlier, there's some front ends, and there's some pretty cool hashcat GUIs; I've tried a little bit, but for the most part I prefer learning it the hard way, at least at first, or both; you can kind of work either side of the aisle. And like I said earlier, you can hit up the vendor when you learn things that are happening, that are coming from their upstream.

A little bit about input management. Storage is important, but not for the reasons you might necessarily think. The focus when you're building word lists should be on
human-generated strings. When you are looking for the 120-gig wad of whatever, that somebody has basically just tacked one through nine-nine-nine-nine onto every word in the dictionary anyway, and you can do that five hundred times faster on GPU with two rules: just don't, don't bother, all right? You're better off curating the human-generated, specific stuff, or you can get them... so that's found, and other sources of human words, right. hashes.org is a community cracking collective, and they take all of the leaks, and it's a contest, there's a leaderboard, and they keep track of, like, oh, here's LinkedIn, and we've cracked 91.27 percent of it, and if you want to download the ones we have cracked, here, or the ones that we haven't, so you can try out those and help us out. And there's an API and you can push it back as a result. It's literally one of the most effective word lists that you can use. And there's, like, you can pick and choose, right? Like, if you're practicing on a LinkedIn dump, you can download all of the other ones, you know, one at a time, and then take that data, use your rules, and practice against the LinkedIn, because otherwise, if you use the LinkedIn data on your LinkedIn, you're going to get a hundred percent and think you're awesome. People don't usually get a hundred percent.

And as I said earlier, yeah, for slow hashes, acquiring word lists involves acquiring them from context in some way: websites, etc. Lots of sources for strings: Wikipedia, wikis, lots and lots of fandom fuels people's inner lives, which fuels their password selection. The Rapid7 DNS ANY project is awesome. They use either ZMap or masscan to scan the entire internet on a very regular basis, a couple of 10-gig pipes or whatever, and then they also pick out the host names from the cert if there's SSL being spoken at the remote, so you get all sorts of names that you would never see. And this is great, even outside of password cracking; there's all sorts of neat things you can do. It's like, for those of you who know DNS, it's like a giant zone transfer for the whole internet, right? And so it's rich with, people had to come up with a unique word for their subnet, there's a host name there, and you can just feed that straight in. All the others are, you know, pretty obvious, shouldn't be surprising to you.

Deduplicating them is interesting. Some people do it with a database; I'm more of a flat-file guy. I'm self-taught, and like I said, I'm more of a sociologist than a real cracker, so there's probably some gaps, there's some places for me to learn, but unless you're doing, like, a big old Hadoop cluster or whatever, you're probably better off with flat files. I split, when you bring in, like, you get a dump and it's got email addresses in it: the email address left-hand side is great fodder; usernames make great passwords. Somebody's username is somebody else's password, and vice versa, right? So you take all of those, and then they'll use an email address as their password, and you might not necessarily have it from an existing dump. If you take all the left-hand sides that you've uniqued across all of those dumps, and on the right-hand side all the domains of all the emails, speaking of domains, and then use combinator with a rule to put an @ sign in the middle and flip through all those, you'll get a wide variety of passwords that way that you wouldn't otherwise get. I'm laying that out as an example of how deduplication is important, but you want to keep the original as well. And so what I normally do is I keep the raw data, and some of the transformed data, on spinning rust, and then SSD for the stuff I actually pull for the attacks. I learned the hard way: oh, I wasn't converting that the way I was supposed to, and I threw away the original, and it took three days to download. Yeah, so definitely, definitely keep the originals. Oh yeah, I forgot to mention: rli is like the go-to for fast deduplication of lists of strings while keeping them in their original order, which is super important for password cracking purposes. If you get a list and it says "password" at the top, it's probably sorted in a way that you want to leverage; if you run it through sort -u and such, then you've destroyed the implicit knowledge that's in there, so be sure to preserve order when you get those kinds of lists.

Conversion: UTF-8 is king. It's the web de facto standard. Any list that you get that isn't in UTF-8, I usually recommend people convert to it as a standard base, and then you can convert on the fly; hashcat recently added some flags for encoding and decoding on the fly, and I think John's had them for a while. And there's a long tail there: like, if it's web, it's probably going to be UTF anyway, so you're done, and then if it's not, that's less likely and you can convert it as you need to; if there's HTML escapes in there, which does happen. RuraPenthe's rurasort is pretty cool; that's a live link in the slide. That's a Python script that has a whole Swiss Army knife of normalizing word lists, one way you can clean up some of those big dumps, or rather these big mashup dog piles that people build, if you want to actually try to pull from them, because there are some real human strings hiding in there that you might not find otherwise. There's this process that linguists call stemming, where you figure out what the base word is. It's kind of tricky, especially in the password context; all sorts of transformations happen. Most of the linguistic work doesn't take leetspeak into account for this purpose, but there's a lot of interesting work being done in this space. rurasort also handles some of that; it does leetspeak and all those things, and you can tell it, yes, strip those things out but leave these things in, if that's what you need for your purposes. It's pretty slick.

Managing masks: KoreLogic is great.
They're kind of like the butterfly of password cracking, because they do it professionally for a number of organizations, like Fortune 500 and that kind of thing, so they retain some metadata, statistical analysis. So KoreLogic, and that's also a link, has a compilation of the top hundred masks most likely used in corporate environments, in the United States actually; I don't know, it might be worldwide, I'm not sure what their market field is, but it's a great place to start. And usually it's upper, lower, special at the end, because so many of them are constrained by those complexity requirements. But they have a cost to it; it takes some clock time to run them, so it's important to do them in word frequency, in frequency order, so to speak. I had some problems where I was getting excited, I think I was working on LinkedIn, and I realized I had wasted a bunch of time because I had been processing some masks I had already processed, and there wasn't a really good way for me to manage that. So I found out that hashcat's log has got that raw, and you can parse it and you can pull out just the ones you've successfully exhausted, and then for any future masks you get from somewhere else, or you build from your other statistics, you can pull out the ones you've already used. It's begging for a better tool than that, though; I should probably break out some Perl, sorry, and write something. But you can, and if you do want to do it yourself, the codes in the log are semi-human-readable; you've got to look them up in the source code.

Rules management is an interesting one. People who have a lot more crunching power than you are working really hard on figuring out which rule sets work best using this list of plains against this target, and then there's kind of a bake-off, best-of-breed that bubbles up, and then every once in a while they'll publish some of that. Some of the automatically generated ones that are shipped with hashcat are based on work like that; some of them are hand-rolled, but a lot of them are based on, like, you know, rough AI kind of, right? So evilmog has some recent stuff he's just started putting up again on GitHub, some great rules that you can pull from. Depending where you get them, you might have to massage them in various ways; you can see they're from the list, and you might have to strip out some of the other stuff. Making your own is kind of fun; you can roll them yourself, or you can generate them from your own data using Bartavelle's rulefinder. It's pretty neat, and so that way you can build rule sets over time. Like, if you're a recurring auditor for an existing corporation, you can get a sense of which rules work best for your user base over time, and you can keep using them. Deduplication is tricky, for a lot of reasons: rules, you can write them five or six different ways that end up with the same result, so is it a duplicate or not? It's tricky, so there are people working on it, but there's not a solid solution for that yet.

All right, I'm sure this is part of what you were interested in, right? The attack methods part. Cheat. You'd be surprised how often this actually works, for unsalted hashes, right? It's an important distinction. You can't just take your NTLM, nor should you, and paste them into Google or some joescrackingandbaitandtackleshop.com, paste your hashes in there; probably not a good idea. So yeah, Google and Bing both, because they return different results, if you're off hunting for unsalted hashes. And there's a lot of sites that do it for you; you can do lookups, but if they have no results for the one that you passed them, they'll still keep it, and they'll do some stuff and they'll try to crack it later. So take that with a grain of salt; you have to be cautious about what you decide to hand off to a third party, and you may have obligations, but I'm not a lawyer, so consult your attorney. And then Google spidering only goes so far, so you've got to hit the site itself to try to get hashes; just because yours doesn't appear there in Google doesn't mean it's not there on the site itself. But yes, as I said, be careful. That question of hash ownership is an interesting one, but you can bet they're probably not yours, yeah, so it's a good idea to take the high road and treat them with some caution.

Custom Markov is something important. If you haven't done custom Markov before... Bueller? Bueller? Not a lot, a little bit of nodding. So out of the box, hashcat, and I think John the Ripper also, have Markov based on RockYou: just straight word frequency, letter frequency based on position, and you can build your own. It was great for working on LinkedIn, because there was lots of "LI" things happening, and separate from word list stuff, right? Lots of people just tacked "linkedin" onto the end, right; that's perfectly normal, perfectly healthy. But inserting "LI" right in the middle of a word is not something that a traditional "take a word and do something else with it on the end" attack would really do, but the Markov is more likely to let those bubble up to the top. So, you know, even for your other attacks that you're already sort of doing masks or brute force for, you can get a lot of mileage out of building your own.

How many of you have used PRINCE mode in John or hashcat? Hands, hands. This is fantastic. It's the best mirror for your current cracking capabilities that there is, in my opinion, at this level, right? I'm sure there's like the five or six rock stars in the world that are like, oh yes, PRINCE, I've heard of it. But because it's so good at combining so many different things in a sequence, the things you haven't yet tried become very obvious, because when you're cracking passwords and you first fire it up, it's going by so quickly that you can't even read it, you know, and then it slows down a little bit, and you can start to kind of see what the words are, and, oh, that's interesting, it never occurred to me somebody would put their social security number in a password, oh well, I can try that, right? And so the low-hanging fruit starts getting eaten away until you get down to the meat of the things. It's picking passwords like, where did that come from, how did it know, right? And if you can figure out a way to get in the mind of the person who selected that password, and how they generated it, and rule-ify that, then you've added to your toolkit, and from then on that rule gets thrown on GPU and you'll get all passwords in that class forever, just because of some other process. There's also, it's amazing how many flags there are in John and hashcat that I just kind of ignored; I didn't really understand why they were there, but there's, like, a little nugget of wisdom hiding in there every time. Like, a year later, I'd be like, oh, that's why that flag's there. There's a random rule generator; you just, like, I'll just pick a rule, any rule, because it sort of rolls the dice: I got nothing, what, what? And then, and then you
can get a few and then you can work on the results so it's a it's the single best way to bootstrap yourself into becoming a better password cracker in my opinion lots of great details about it as you can see from the performance and this is this was compared to just a couple of years ago you know people working on similar data sets you know professionals only got to this level after a you know X amount of time and out-of-the-box prints does is that well just all by itself you can go get some coffee and go to the movies oh yes as I said yes use prints that's the short answer oh yeah so the when you've got other
attacks scripted prints has an optional resume feature so you can break out of it and go back where you pick up where you left off and so I run it on a trickle all the time against existing data sets and I have it fired some people once their rig is finished they'll like have it my Bitcoin or whatever and you know depending on the market that might be best but fallback to prints for some other data set that you've got burning because the more of you crack the more plans you have for the next attack some of these are should be relatively intuitive but feeding things into other things is something that the open-source guys do well but
the commercial ones not as much everybody can import word lists that's kind of a fundamental thing that you have to do but just like a lot of Microsoft products the import button works really well but the export button not so much right so being able to pipe the output of hash cat or John into something else if it has a method for generating words do you want to push to some other tool have at it it's all about being able to put your hand on the tool quickly without having to think about the tool like you've already trained up a little bit so you can sort of fluidly just like people doing any like trade work where you do good tools
the ones you don't think about that's that's the state you want to be in that you're ready to do that kind of work without having to give it thought and then you need to be able to measure the performance to tell whether or not what you're doing is working or not Oh ASN backups very important having to tell your wife that the 200 extra dollars that you spend on electricity last month just went bye-bye because all of the stuff you generated is gone does not does not go well with the household stakeholders so about speed estimation it's really important to consider how long the attack that you are going to make is going to take and we talked
about a little bit earlier, because you have some triage decisions to make. You've got X amount of time; you know you're going to get on average this much benefit from running this for four hours, and then you're going to kind of eyeball it and say, "okay, this isn't working." It's kind of like playing the stock market: "okay, I'm going to hold that one and I'm going to buy here," and you have to kind of make that decision at the time, right, because conditions change; you won't be able to predict in advance. So being able to do that programmatically, to get a sense of what the actual attack speed is, is important. Benchmarks are often different from the actual. Measuring how much time it takes is only helpful for you in a specific window of time; you can't compare yourself to your rig next year, or your buddy, or how your box stacks up against two GPUs, if you were measuring solely on wall-clock time. The gold standard for this is position: how many guesses it took. hashcat has some cool output flags for this; it's kind of a debug-y sort of thing, you have to deliberately invoke it. These are the different formats of output you can choose from for various kinds of analysis; a bunch of them have cracked position in them as an option. So when you run the attack and you've got the output, you can see just in raw guesses, so someone can take their benchmark and turn this into "here's how long this would have taken me with my gear today." So the person you're comparing notes with could be the future you, right? So it's important to keep an absolute value there for comparing your progress over time. And so this is what the results are. This is usually the output of Excel or gnuplot, usually gnuplot for the geeks, and as you can see on the x-axis here, number of guesses has nothing to do with absolute time.

This slide's a little light, because PACK is super cool. How many of you use the PACK toolkit? Cool. He was... it's iphelix; I thought it was "IP helix" for a while, it's actually pronounced "i-felix". He's left us now, he's gone on to other things, some cooler stuff, but he was doing some cool cracking for a time, and there's some really great tools in there that do statistics and generate masks automatically based on an attack plan. You tell it you have 24 hours and this is how many cracks per second I can do for this target hash, and it'll just pick... and then voilà, it calls it optindex, where it says, "all right, this is probably the maximum number of passwords you get in that amount of time using these 25 masks," or whatever, based on the information you feed it. And the best thing to feed it is the results you have so far, the data that you've got, and then things like RockYou, of course.

We talked a little bit already about non-ASCII and converting it on the Unix command line; iconv is king for that too. Brute force of multibyte is interesting if you're chasing the long tail of a hundred percent asymptotically. You'll be interested: on websites there's a lot of sites that will accept things like emoji that are wider than one byte, and brute-forcing that is tricky. There's some interesting workarounds for that in hashcat; I think it's easier in John, I don't actually know that for sure. There's some gaps that have been revealed as part of this research.

Some attack plan principles. These should already be a little... not surprising after what you've heard so far. Quality and frequency order is king: crack the easy stuff quickly. There's, especially if it's a big dump, there's a cost to loading them per attack. If you quit and go and try something else, you've got to load 61 million hashes, and they've got to be parsed, they've got to be put into a memory structure, and that's... this flag, I didn't know what it was for: there's a flag in hashcat to remove them after you've cracked them, so you don't have to worry about managing it. You save the original and you just keep pulling out the ones you've cracked, so that every time you start a new attack you've only got the ones left and you don't have to take that performance hit every time you do the load. Capping attack run time is often handy. When you're watching, especially for Markov, it'll start fast and then it'll start to slow down, and there's a threshold at which, like, this is probably not worth it. And especially when you're learning at first you can just kind of, you know, pull the ripcord and then quit and go on to the next attack, but if you already know roughly that's how long it's going to take, you can tell hashcat and John, I think, "just run for an hour and then move on to the next attack." So, you know, you can go get a coffee or whatever, and then you engage your wetware while those other attacks are working, if you have the time, right? And during a contest that's pretty much most of what you'd be doing: studying the cracks you've got, to try to figure out the patterns and how you can emulate those patterns with the next attack as efficiently as possible, like what's the best bang for the buck in that moment. And the tools and the analysis, like PACK, help with that, and help with that for arranging my time.

Keep notes. Like, keep notes as if you were going to have to, like, defend a patent someday. There's a lot of lost value in not keeping track of what you've learned before, especially as you get older. For those of you who are 20-somethings, that day will come when you... "what was that last week I was just doing?" You'll read code and you don't realize it was yours, so you see the comment at the top, right? So leave yourself some breadcrumbs; future you will thank past you for the favor. And it's all about scripting it, so that you can do it fluidly and quickly.

There's something to be said for getting the... like, premature optimization. There's something to be said for not trying to get too granular too quickly, too restrictive in rules, especially for fast hashes. Like I said earlier, just don't bother; you're better off tuning it later once you realize it's slower than you were expecting. And then the fallback attack: as I said earlier, I'm a big fan of using PRINCE as a fallback.

So you should already now, at the end of the talk, recognize this as a sign that there's some room for maturity, right? Be nice to the noobs, right, because we are all, in some way or another. But, and this is a good instinct:
they want more input. You want more input, but just grabbing more words is not going to cut it. The questions instead should be: how do you get human-generated strings, how do you extract base words from those strings, and what are the effective rules I can apply to the target given the context? This happens a non-trivial amount of the time in the hashcat IRC channel, and then when we send them the link to Wolfram Alpha that tells them 120 times the heat death of the universe, it's like, "oh, well, maybe I'll get a cup of coffee."

Trying to detect what type of hash you have is kind of outside the scope of 201, but this is not straight MD5, even though the frequency is the same. It is an MD5, but not of a plain, and there's so many different schemes that can apply. The forum and contest guys have this really blocked out; there's a guy named Waffle who just goes to town on weird unidentified hashes, figures out what they are, root cause. He's kind of a savant; it's pretty scary. There are tools that will help you make a broad guess about what kind of hash it is, but the proof of the pudding is in the tasting: if you get a crack, then you must have the right algorithm.

And we already covered why this was probably not a good idea. In fact, it's so much not a good idea that for a while this was the top Google hit for "Kali hashcat," because there's a rule in the hashcat forums that if you say "Kali" it replaces it with this string. No slam on Kali, right; like, it's an OpenCL thing that's complex, and there's a little he-said-she-said maybe, but the take-home: get Kali out of the way of cracking in this context.

Some history stuff: this is a fantastic thing about what came before, sort of a survey of how hashing began, which is fantastic. And then here's some basic stuff for bootstrapping yourself. The best advice I ever got for password cracking, well, second best was probably PRINCE, and the first best was when Bitweasil said you should probably hang out in the hashcat IRC channel; that's where the stuff actually happens. I lurked for a while and I had my noob moment, I hadn't been on IRC ever, so it was an interesting experience, but you learn a lot, and there's opportunity to step up and do, you know, sort of... just like here at BSides LV, it's a do-ocracy, right? You step up and you do things, like a lot of open-source stuff. There's an opportunity there for you to learn and contribute and to make a difference in the advancement of cracking as a discipline, and it's a great place to hang out.

Yeah, so this is the wisdom that kind of inspired me for this talk. You may have seen this, some paraphrase of it, from the Japanese poet Basho, but it turns out he was actually paraphrasing a guy who was, among other things, a calligrapher, and he said: imitate the intent, not the brushstrokes. Like, you know, you're not focused on the tools, you're focused on the result, and when you can get into what Csikszentmihalyi called the flow of that, that's when you can start actually learning, and you look up and it's two o'clock in the morning and you realize, "I know a lot more about cracking hashes than I did when I started."

There's a lot of people that I've learned a lot from, a lot of handles here, and these are also a lot of good people to watch for that know what they're talking about, and sometimes that's the hardest thing to determine in stuff like this. So I'm grateful for all of the tips, some of which made it into this talk. And the slides will be up; they were still being worked on almost as I was walking over here, so it'll be after a little bit of time. Time for questions. Thank you. [Applause]
Sorry, I know this is a bit random, but how often do you find that passwords aren't in a supported language from the platform? So for instance with LinkedIn or something like that, you'll find that there's only a certain set amount of languages that they'll use. However, if you're from South Africa, for instance, we have 24 languages that we could possibly use as a password, which makes it a lot harder and a lot more complicated for us to be able to crack them.

Right, that's interesting. Most of what I've seen from the web app side has been, there's a pretty long tail, like, you know, Farsi, Klingon, and all sorts of interesting Unicode deep-dive type stuff, but yeah, I can't say that I've been able to detect when it was constrained, or... yeah, so I'm not sure I have a good answer to that question, but we can talk more after.

All right, big round of applause for Royce Williams. [Applause]
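The two measurement ideas from the talk (budgeting an attack against the time you actually have, and recording cracks by guess position rather than wall-clock time so that results stay comparable across rigs and years) worked through as an added Python example. This is not code from the talk, nor from hashcat, John the Ripper or PACK; it assumes the usual ?l/?u/?d/?s charset sizes of 26/26/10/33, a guess rate you measured on your own hardware, and a constructed crack log that holds only guess positions. It generalizes the talk's single "24 hours at N guesses per second" case into a small triage planner that ranks candidate attacks by expected cracks per second and keeps the ones that fit the budget, which is the same decision an auditor makes when estimating how long a password policy's keyspace holds up.

```python
"""Attack budgeting and hardware-independent progress metrics (added example)."""
from typing import Iterable, List, Sequence, Tuple

# Assumption: charset sizes for hashcat-style mask tokens (?a = 95 printable ASCII).
CHARSET_SIZES = {"l": 26, "u": 26, "d": 10, "s": 33, "a": 95}


def mask_keyspace(mask: str) -> int:
    """Number of candidates a mask such as '?u?l?l?l?l?d?d' can generate."""
    if len(mask) % 2 != 0:
        raise ValueError("mask must be a sequence of ?x tokens")
    total = 1
    for i in range(0, len(mask), 2):
        if mask[i] != "?" or mask[i + 1] not in CHARSET_SIZES:
            raise ValueError(f"bad mask token at offset {i}: {mask[i:i + 2]!r}")
        total *= CHARSET_SIZES[mask[i + 1]]
    return total


def eta_seconds(keyspace: int, guesses_per_second: float, salts: int = 1) -> float:
    """Worst-case seconds to exhaust a keyspace; each distinct salt multiplies the work."""
    if guesses_per_second <= 0:
        raise ValueError("guess rate must be positive")
    return keyspace * salts / guesses_per_second


def plan_attacks(candidates: Sequence[Tuple[str, int, float]],
                 guesses_per_second: float,
                 budget_seconds: float) -> List[str]:
    """Greedy triage in the talk's 'quality and frequency order' spirit.

    candidates: (name, keyspace, expected_cracks). expected_cracks is your own
    estimate from earlier runs on similar data (assumption, not a measurement
    this code makes). Attacks are ranked by expected cracks per second of run
    time and kept, in that order, while they still fit the time budget.
    """
    scored = []
    for name, keyspace, expected in candidates:
        t = eta_seconds(keyspace, guesses_per_second)
        scored.append((expected / t, t, name))
    scored.sort(reverse=True)  # best yield per second first
    plan, used = [], 0.0
    for _, t, name in scored:
        if used + t <= budget_seconds:
            plan.append(name)
            used += t
    return plan


# Constructed crack log: one guess position per line, the index at which each
# hash fell. No plaintexts or hashes are needed for the metric, so none are kept.
SAMPLE_CRACK_LOG = "5\n120\n3000\n3001\n250000\n"


def parse_positions(text: str) -> List[int]:
    """Read guess positions from the constructed one-per-line log format above."""
    return [int(line) for line in text.splitlines() if line.strip()]


def cumulative_curve(positions: Iterable[int], total_hashes: int,
                     checkpoints: Sequence[int]) -> List[float]:
    """Fraction of hashes cracked by each checkpoint, measured in guesses.

    Because the x-axis is guess count rather than seconds, the curve from a
    two-GPU box today can be laid over the curve from next year's rig.
    """
    pos = list(positions)
    return [sum(1 for p in pos if p <= cp) / total_hashes for cp in checkpoints]


def guesses_to_wallclock(position: int, guesses_per_second: float) -> float:
    """Translate a guess position into 'how long that would take on my gear'."""
    return position / guesses_per_second


if __name__ == "__main__":
    rate = 1e9  # assumption: a rate you benchmarked yourself, in guesses/second
    mask = "?u?l?l?l?l?d?d"
    print(f"{mask}: {mask_keyspace(mask)} candidates, "
          f"{eta_seconds(mask_keyspace(mask), rate):.2f}s at {rate:.0e} g/s")
    plan = plan_attacks(
        [("wordlist+rules", 5_000_000_000, 400),
         ("?l" * 8, mask_keyspace("?l" * 8), 300),
         (mask, mask_keyspace(mask), 150)],
        rate, budget_seconds=60)
    print("attacks that fit a 60s budget, best yield first:", plan)
    positions = parse_positions(SAMPLE_CRACK_LOG)
    print("cracked fraction at 1e2/1e4/1e6 guesses:",
          cumulative_curve(positions, 10, [100, 10_000, 1_000_000]))
```

The planner deliberately scores by expected cracks per second rather than by raw crack count, so a short mask that yields a little beats a long brute-force run that yields more in total but would eat the whole budget; swap in your own yield estimates from previous audits of the same user base, as the talk suggests doing with rules.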