破解故事——我是如何破解1億2200萬SHA1和Md5哈希密碼

發(fā)布時(shí)間：2020-05-30 16:25:01 來源：網(wǎng)絡(luò) 閱讀：4885 作者：simeon2005 欄目：安全技術(shù)

原文：http://blog.thireus.com/cracking-story-how-i-cracked-over-122-million-sha1-and-md5-hashed-passwords/

這是關(guān)于我如何破解密碼的哈希值1億2200萬* John the Ripper和oclHashcat-plus故事。

這是幾個(gè)月前，當(dāng)我看到一條推特（https://twitter.com/m3g9tr0n）從korelogic約含共1億4600萬個(gè)密碼的密碼哈希表的torrent文件（https://www.korelogic.com/InfoSecSouthwest2012_Ripe_Hashes.html）。這個(gè)非常大的數(shù)量的密碼哈希起初讓我很沮喪，因?yàn)槲易约褐挥幸慌_經(jīng)典配置的AMD Phenom II 4核3.2 MHz的電腦,外加一個(gè)ATI/AMD 5770顯卡。但我真的很想給嘗試一下，因?yàn)樵擃I(lǐng)域的密碼破解讓我著迷。

在這漫長的旅程中我用的密碼破解工具是John the Ripper和oclHashcat-puls。這篇文章是關(guān)于破解korelogic提供的MD5哈希值，但同樣的策略也適用于SHA1哈希破解。

更新：

08/29/2012 –新的例子在John the Ripper部分: "在dict2hash.pl腳本的幫助下破解雙MD5密碼值"

08/29/2012 – 所有的都進(jìn)行過排序和整理新的版本下載。

處理哈希值：

首先，所有的korelogic torrent文件必須被解壓縮，它包含一個(gè)命名為“校驗(yàn)”文件夾。讓我們檢查這個(gè)文件夾的內(nèi)容…

root@m3g9tr0n:~/hashes$ ls

longer_salts raw-md5.hashes.txt salted_with_md5 SHA1 vBulletin-v3.8.4

從現(xiàn)在起我們集中在raw-md5.hashes.txt文件列表，這個(gè)文件是4.3GB，通過wc工具可以看出它包括139444502行。

root@m3g9tr0n:~/hashes$ wc -lraw-md5.hashes.txt

139444502 raw-md5.hashes.txt

正如你可以假設(shè)，無論是John the Ripper和oclHashcat-plus都無法加載該文件，因?yàn)樗罅恕３鲇谶@個(gè)原因，我們需要分割該文件。在Linux下，我們有一個(gè)很好的工具稱為split 做這件工作得很好：

root@m3g9tr0n:~$ split --help

Usage: split [OPTION]... [INPUT[PREFIX]]

Output fixed-size pieces of INPUT toPREFIXaa, PREFIXab, ...; default

size is 1000 lines, and default PREFIXis `x'. With no INPUT, or when INPUT

is -, read standard input.

Mandatory arguments to long options aremandatory for short options too.

-a, --suffix-length=N usesuffixes of length N (default 2)

-b, --bytes=SIZE put SIZEbytes per output file

-C, --line-bytes=SIZE put atmost SIZE bytes of lines per output file

-d, --numeric-suffixes usenumeric suffixes instead of alphabetic

-l, --lines=NUMBER put NUMBERlines per output file

--verbose print adiagnostic just before each

output file isopened

--help display this help andexit

--version output versioninformation and exit

SIZE may be (or may be an integeroptionally followed by) one of following:

KB 1000, K 1024, MB 1000*1000, M1024*1024, and so on for G, T, P, E, Z, Y.

We can use the --lines=NUMBER parameter tosplit our raw-md5.hashes.txt file.

我們可以使用“--lines=NUMBER”參數(shù)來分割我們的原始md5.hashes.txt文件。

root@m3g9tr0n:~/hashes$ split -l 3000000raw-md5.hashes.txt part

請注意，考慮到每個(gè)MD5哈希是32字節(jié)長，我們還可以基于MB來進(jìn)行文件分割。

使用oclHashcat-plus來破解密碼

我開始玩oclHashcat-plus，因?yàn)樗?strong>-remove選項(xiàng)，一旦被破解它從hashfile刪除破解成功的哈希值，這是真的很方便。oclHashcat-plus唯一的限制，是它對密碼長度的限制。換句話說，它僅能夠破解密碼最多15個(gè)字符。我使用oclHashcat-plus規(guī)則是base64.rule，passwordspro.rule，T0XlC.rule在某些情況下d3ad0ne.rule。這些規(guī)則可以直接從oclHashcat-plus中找到。

暴力破解技術(shù)是不是我的第一選擇。我用的字典是從g0tm1lk的BlogSpot下載的（http://blog.g0tmi1k.com/2011/06/dictionaries-wordlists/?redirect）。在g0tmi1k的文章其他外部鏈接中你會發(fā)現(xiàn)更多的字典。破解過程中最大的一部分是通過使用這些字典與上述規(guī)則進(jìn)行。讓我們來看看一些例子

使用單一規(guī)則：

./oclHashcat-plus64.bin -m 0 ~/hashes/md5_1~/Wordlists/d3ad0ne.dic -r rules/best64.rule -o Ultimate_Crack/eNtr0pY_1--remove

使用組合規(guī)則：

./oclHashcat-plus64.bin -m 0 ~/hashes/md5_1~/Wordlists/d3ad0ne.dic -r rules/best64.rule r rules/passwordspro.rule -oUltimate_Crack/eNtr0pY_1 --remove

Bruteforce attack with mask (you canspecify whichever charset you want):

使用掩碼進(jìn)行暴力破解***（可以指定任何你想要的字符集）：

./oclHashcat-plus64.bin -a 3 -1 ?l?d?u?s -m0 ~/hashes/md5_1 ?1?1?1?1?1?1?1?1 -o Ultimate_Crack/eNtr0pY_1 --remove

組合破解：

./oclHashcat-plus64.bin -a 1 -m 0~/hashes/md5_1 ~/Wordlists/d3ad0ne.dic ~/Wordlists/list -oUltimate_Crack/eNtr0pY_1 --remove

使用規(guī)則進(jìn)行組合破解：

./oclHashcat-plus64.bin -a 1 -m 0~/hashes/md5_1 ~/Wordlists/d3ad0ne.dic ~/Wordlists/list -r rules/passwordspro.rule-o Ultimate_Crack/eNtr0pY_1 --remove

排列組合破解：

./oclHashcat-plus64.bin -a 4 -m 0~/hashes/md5_1 ~/Wordlists/d3ad0ne.dic -o Ultimate_Crack/eNtr0pY_1 --remove

排列組合規(guī)則破解：

./oclHashcat-plus64.bin -a 4 -m 0~/hashes/md5_1 ~/Wordlists/d3ad0ne.dic -r rules/best64.rule -oUltimate_Crack/eNtr0pY_1 --remove

In some cases, I used the hybrid + maskattack technique:

在某些情況下，我使用了混合 + 掩碼***技術(shù)：

./oclHashcat-plus64.bin -a 6 -1 ?l?d -m 0 ~/hashes/md5_1~/Wordlists/d3ad0ne.dic ?1?1 -o Ultimate_Crack/eNtr0pY_1 --remove

混合掩碼規(guī)則破解：

./oclHashcat-plus64.bin -a 6 -1 ?l?d -m 0~/hashes/md5_1 ~/Wordlists/d3ad0ne.dic ?1?1 -r rules/best64.rule -oUltimate_Crack/eNtr0pY_1 --remove

在這一點(diǎn)上，我沒有用最后兩個(gè)方法，因?yàn)樗麄兪欠浅：臅r(shí)的。我寧愿為John the Ripper 找到一個(gè)更好的KoreLogic的規(guī)則，將John the Ripper 的輸出管道到oclHashcat-plus。正如我所說，oclHashcat-plus能夠破解的密碼最多15個(gè)字符。出于這個(gè)原因，我不得不通過“--stdout”選項(xiàng)限定每一次所產(chǎn)生的單詞長度。如果你擁有一個(gè)非?？焖俚?/span>GPU可以跳過下面的例子。

./john --wordlist=~/Wordlists/all.lst-rules:KoreLogicRulesPrependYears --stdout=10 | ./oclHashcat-plus64.bin -m 0~/hashes/md5_1 -o Ultimate_Crack/eNtr0pY_1 --remove

當(dāng)然你也可以使用來自Korelogic創(chuàng)建的其他前置的規(guī)則，像KoreLogicRulesPrependNumNum，甚至更好的創(chuàng)建自己的規(guī)則！是時(shí)候從破解密碼的單詞表中生成字典來破解剩余哈希值了。從eNtr0pY_1，使用以下命令我刪除了MD5哈希值。

cut -b34- eNtr0pY_1 >eNtr0pY_1.dic

通過使用上述制造的字典，大量MD5哈希值被這種指紋***破解。你可以閱讀更多關(guān)于馬丁博斯@purehate這種***，我向你保證，這個(gè)技術(shù)是非常成功的！

當(dāng)然，你也可以使用hashcat-utils中的二進(jìn)制文件以及每一個(gè)管道到oclHashcat-plus的輸出。

root@m3g9tr0n:~/oclHashcat-plus-0.08/hashcat-utils$ls

combinator.bin expander.bin gate.bin len.bin mp32.bin permute.bin prepare.bin req.bin splitlen.bin

使用John the Ripper破解密碼

測試完所有我收集的字典以及幾天后，是時(shí)候轉(zhuǎn)移到john the Ripper來破解密碼哈希值的剩余部分...

我用的Magnum-ripper編譯OpenCL支持ATI / AMD顯卡，因?yàn)槲蚁胗谩?/span>--format=raw-md5-opencl參數(shù)”。相比“--format=raw-md5”，這是更快的方式為它使用你的CPU和GPU。

與john the Ripper中使用的規(guī)則是：

wordlist

Single

Extra

KoreLogicRulesAppendNumbersandSpecials_Simple

KoreLogicRulesAppend6Num

KoreLogicRulesPrependAndAppendSpecial

KoreLogicRulesAppendNumNum_AddSpecialEverywhere

KoreLogicRulesAppendNumNumNum_AddSpecialEverywhere

KoreLogicRulesL33t.

您可以下載這些規(guī)則，并將其添加到您的john.conf文件中：

http://paste2.org/p/2048517

http://paste2.org/p/2048512

現(xiàn)在，讓我們看到john the Ripper的一些例子...

使用--rules=Single：

./john --format=raw-md5-opencl--wordlist=../../Wordlists/all.lst --rules:Single ~/hashes/md5_1

哈希破解結(jié)果存儲在默認(rèn)文件john.pot中。您可以使用cat，more，head和tail檢查它的內(nèi)容。

root@m3g9tr0n:~/Tools/Password_Cracking/magnum-jumbo-OpenCL/run$tail -n 9 john.pot

$MD5$0fad81e7a61b47d387dde893fcf8e88a:anacarolinagu

$MD5$0f82fc9a81f5db07eb9289767390fd2b:fabulousfoodsu

$MD5$0e22933267b2e7df062703c4e5842029:fabuloustravelu

$MD5$0d40086a54fefe993c9816d1441672ac:modularhomeu

$MD5$0ed8181fc4d18e260dd8e36633124bfd:greenshoppingu

$MD5$0d6e8da4017ec5c384ac5536087da44d:lawofattractionu

$MD5$0eb916d3c6a66a32cedd4acc6edb1dbb:hotreportu

$MD5$0e241f99b5c13d56686ec618ab54d5fa:flightsandholidaysu

$MD5$0f3c99478362aae389d2cbf716394269:stthomasmoresu

To generate a wordlist from the john.pot file,you can use the following command.

要從john.pot文件生成從一個(gè)字典，可以使用下面的命令。

cut -d: -f 2- john.pot | sort -u >cracked.dic

生成的字典可以與上述規(guī)則相結(jié)合來破解哈希值。

當(dāng)我使用oclHashcat-plus破解MD5哈希值時(shí)，我觀察到，一些生成的密碼被拒絕。這是因?yàn)?/span>oclHashcat-plus有一個(gè)關(guān)于字符串長度的限制。出于這個(gè)原因，我管道hashcat的結(jié)果輸出到john the Ripper，并且在john the Ripper中更好的使用hashcat規(guī)則。

./hashcat-cli64.bin --stdout~/Wordlists/d3ad0ne.dic -r rules/best64.rule | ./john --format=raw-md5-opencl--stdin ~/hashes/md5_1

嘗試所有字典與上述規(guī)則相結(jié)合后，是時(shí)候使用john the Ripper進(jìn)行暴力破解破解。不幸的是，john the Ripper暴力破解***時(shí)不使用掩碼***以產(chǎn)生密碼。我們有基于包含在破解的密碼來創(chuàng)建我們自己的字符集john.pot。

./john --make-charset=eNtr0pY.chr

Loaded 7948325 plaintexts

Generating charsets... 1 2 3 4 5 6 78 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 DONE

Generating cracking order... DONE

Successfully written charset file:eNtr0pY.chr (95 characters)

你們中許多人會想知道“DONE 31”......這僅僅是因?yàn)槲揖幾gjohn the Ripper用31個(gè)字符長度。默認(rèn)情況下，john the Ripper被編譯為8個(gè)字符長度的支持，所以最好通過修改頭文件params.h中的以下行來改變，它位于john the Ripper的scr文件夾中。

#define CHARSET_MIN ' '

#define CHARSET_MAX 0x7E

#define CHARSET_SIZE (CHARSET_MAX - CHARSET_MIN+ 1)

#define CHARSET_LENGTH 8 //更改為31或者你期待的值

最后，在john.conf中你必須包括您所創(chuàng)建的字符集，以如本例中規(guī)定：

# Incremental modes

[Incremental:eNtr0pY]

File = $JOHN/eNtr0pY.chr

MinLen = 0

MaxLen = 31

CharCount = 95

Now it is time to use bruteforce attackswith our own charstet!

現(xiàn)在是時(shí)候用我們自己的字符串來進(jìn)行暴力破解***！

./john --format=raw-md5-opencl--incremental=eNtr0pY ~/hashes/md5_1

如果你查看john.conf，你會看到一些暴力破解***模式分為外部。這些都是雙重的，帶鍵盤（使用從鍵盤字符產(chǎn)生的相鄰組合），KnownForce，日期時(shí)間，重復(fù)，順序，亞群和DumbForce為瘋狂的密碼格式。

./john --format=raw-md5-opencl--external=DumbForce ~/hashes/md5_1

在這里提供的dict2hash.pl腳本幫助下，我們也喜歡破解雙重MD5哈希值。

perl dict2hash.pl < rockyou.txt | ./john--format=raw-md5-opencl --stdin ~/md5_1

在這里，您可以看到與john the Ripper破獲MD5值的一些示例：

http://pastebin.com/uaGFXkBA

http://pastebin.com/LT5Gda9L

Personally, I believe a password like"$MD5$0b26a0faf1344d6e772bf55628e10e29:n34=mn { .clipboard $me }" isimpossible to crack with bruteforce attacks.

Note: All the abovementioned techniques canbe used with oclHashcat-plus by defining -m 100 and with John the Ripper bydefining --format=raw-sha1-opencl for SHA1 cracking with OpenCL!

就個(gè)人而言，我相信密碼像“ $ MD5 $ 0b26a0faf1344d6e772bf55628e10e29：N34 = {MN $.clipboard$me} ”是不可能使用暴力破解***來破解。

注：所有上述技術(shù)可以在oclHashcat-plus定義參數(shù)“-m 100”使用，john the Ripper定義“--format=raw-sha1-opencl”使用OpenCL破解SHA1

密碼分析

最后，值得一看的分析使用pipal（密碼分析者）從破解結(jié)果中收集的樣本。

root@m3g9tr0n:~/pipal$ ruby1.9.1 pipal.rb \

-o eNtr0pY_1~/Wordlists/Ultimate/Part1/eNtr0pY_5.dic

Total entries = 759103

Total unique entries = 758299

Top10 passwords

niezgadniesz123 = 3 (0.0%)

ubqu = 3 (0.0%)

amonys = 3 (0.0%)

centralitie = 3 (0.0%)

bobydu = 3 (0.0%)

hanghuynh = 3 (0.0%)

hmadyousi = 3 (0.0%)

matthewperman = 3 (0.0%)

shadowninja2 = 3 (0.0%)

lhz4 = 3 (0.0%)

Top10 基本密碼

august = 219 (0.03%)

july = 205 (0.03%)

april = 199 (0.03%)

june = 195 (0.03%)

march = 165 (0.02%)

alex = 161 (0.02%)

love = 132 (0.02%)

chris = 130 (0.02%)

daniel = 128 (0.02%)

dragon = 122 (0.02%)

密碼長度(以長度進(jìn)行排序)

1 = 13 (0.0%)

2 = 103 (0.01%)

3 = 1332 (0.18%)

4 = 16781 (2.21%)

5 = 19831 (2.61%)

6 = 95800 (12.62%)

7 = 202414 (26.66%)

8 = 158562 (20.89%)

9 = 103855 (13.68%)

10 = 75652 (9.97%)

11 = 46023 (6.06%)

12 = 24997 (3.29%)

13 = 8423 (1.11%)

14 = 3772 (0.5%)

15 = 1560 (0.21%)

密碼長度(以計(jì)數(shù)排序)

7 = 202414 (26.66%)

8 = 158562 (20.89%)

9 = 103855 (13.68%)

6 = 95800 (12.62%)

10 = 75652 (9.97%)

11 = 46023 (6.06%)

12 = 24997 (3.29%)

5 = 19831 (2.61%)

4 = 16781 (2.21%)

13 = 8423 (1.11%)

14 = 3772 (0.5%)

15 = 1560 (0.21%)

3 = 1332 (0.18%)

2 = 103 (0.01%)

1 = 13 (0.0%)

|||

||||

|||||

||||||

|||||||||

|||||||||||||||||

00000000001111111

01234567890123456

Oneto six characters = 133854 (17.63%)

One to eight characters = 494828 (65.19%)

More than eight characters = 264275(34.81%)

Onlylowercase alpha = 154996 (20.42%)

Only uppercase alpha = 14072 (1.85%)

Only alpha = 169068 (22.27%)

Only numeric = 119581 (15.75%)

First capital last symbol = 6088 (0.8%)

First capital last number = 73611 (9.7%)

Months

january = 109 (0.01%)

february = 45 (0.01%)

march = 247 (0.03%)

april = 251 (0.03%)

may = 850 (0.11%)

june = 246 (0.03%)

july = 223 (0.03%)

august = 300 (0.04%)

september = 80 (0.01%)

october = 134 (0.02%)

november = 113 (0.01%)

december = 115 (0.02%)

Days

monday = 59 (0.01%)

tuesday = 20 (0.0%)

wednesday = 7 (0.0%)

thursday = 38 (0.01%)

friday = 46 (0.01%)

saturday = 7 (0.0%)

sunday = 70 (0.01%)

Months (Abreviated)

jan = 1482 (0.2%)

feb = 249 (0.03%)

mar = 8397 (1.11%)

apr = 692 (0.09%)

may = 850 (0.11%)

jun = 889 (0.12%)

jul = 1051 (0.14%)

aug = 785 (0.1%)

sept = 215 (0.03%)

oct = 512 (0.07%)

nov = 821 (0.11%)

dec = 874 (0.12%)

Days (Abreviated)

mon = 4319 (0.57%)

tues = 28 (0.0%)

wed = 217 (0.03%)

thurs = 44 (0.01%)

fri = 758 (0.1%)

sat = 769 (0.1%)

sun = 1018 (0.13%)

Includes years

1975 = 411 (0.05%)

1976 = 388 (0.05%)

1977 = 446 (0.06%)

1978 = 432 (0.06%)

1979 = 441 (0.06%)

1980 = 541 (0.07%)

1981 = 453 (0.06%)

1982 = 519 (0.07%)

1983 = 533 (0.07%)

1984 = 603 (0.08%)

1985 = 585 (0.08%)

1986 = 616 (0.08%)

1987 = 710 (0.09%)

1988 = 641 (0.08%)

1989 = 941 (0.12%)

1990 = 931 (0.12%)

1991 = 995 (0.13%)

1992 = 935 (0.12%)

1993 = 905 (0.12%)

1994 = 907 (0.12%)

1995 = 4021 (0.53%)

1996 = 858 (0.11%)

1997 = 486 (0.06%)

1998 = 443 (0.06%)

1999 = 416 (0.05%)

2000 = 1024 (0.13%)

2001 = 643 (0.08%)

2002 = 586 (0.08%)

2003 = 1132 (0.15%)

2004 = 1254 (0.17%)

2005 = 796 (0.1%)

2006 = 818 (0.11%)

2007 = 1442 (0.19%)

2008 = 1019 (0.13%)

2009 = 742 (0.1%)

2010 = 767 (0.1%)

2011 = 516 (0.07%)

2012 = 925 (0.12%)

2013 = 165 (0.02%)

2014 = 142 (0.02%)

2015 = 146 (0.02%)

2016 = 118 (0.02%)

2017 = 139 (0.02%)

2018 = 131 (0.02%)

2019 = 172 (0.02%)

2020 = 179 (0.02%)

Years (Top 10)

1995 = 4021 (0.53%)

2007 = 1442 (0.19%)

2004 = 1254 (0.17%)

2003 = 1132 (0.15%)

2000 = 1024 (0.13%)

2008 = 1019 (0.13%)

1991 = 995 (0.13%)

1989 = 941 (0.12%)

1992 = 935 (0.12%)

1990 = 931 (0.12%)

Colours

black = 485 (0.06%)

blue = 549 (0.07%)

brown = 184 (0.02%)

gray = 89 (0.01%)

green = 348 (0.05%)

orange = 125 (0.02%)

pink = 262 (0.03%)

purple = 73 (0.01%)

red = 2974 (0.39%)

white = 179 (0.02%)

yellow = 85 (0.01%)

violet = 63 (0.01%)

indigo = 22 (0.0%)

Single digit on the end = 92080 (12.13%)

Two digits on the end = 87587 (11.54%)

Three digits on the end = 103715 (13.66%)

Last number

0 = 45407 (5.98%)

1 = 64764 (8.53%)

2 = 52570 (6.93%)

3 = 52890 (6.97%)

4 = 43719 (5.76%)

5 = 55185 (7.27%)

6 = 42826 (5.64%)

7 = 46169 (6.08%)

8 = 42475 (5.6%)

9 = 44930 (5.92%)

| ||

||||

|||| | | |

||||||||||

0123456789

Last digit

1 = 64764 (8.53%)

5 = 55185 (7.27%)

3 = 52890 (6.97%)

2 = 52570 (6.93%)

7 = 46169 (6.08%)

0 = 45407 (5.98%)

9 = 44930 (5.92%)

4 = 43719 (5.76%)

6 = 42826 (5.64%)

8 = 42475 (5.6%)

Last 2 digits (Top 10)

95 = 14675 (1.93%)

23 = 12192 (1.61%)

12 = 9230 (1.22%)

11 = 8214 (1.08%)

01 = 7606 (1.0%)

00 = 7131 (0.94%)

07 = 6295 (0.83%)

10 = 6182 (0.81%)

21 = 5881 (0.77%)

99 = 5868 (0.77%)

Last 3 digits (Top 10)

123 = 6857 (0.9%)

995 = 4122 (0.54%)

971 = 2916 (0.38%)

972 = 2850 (0.38%)

007 = 2514 (0.33%)

000 = 1868 (0.25%)

234 = 1725 (0.23%)

666 = 1465 (0.19%)

777 = 1389 (0.18%)

004 = 1347 (0.18%)

Last 4 digits (Top 10)

1995 = 3886 (0.51%)

1234 = 1379 (0.18%)

2007 = 1325 (0.17%)

2004 = 1121 (0.15%)

2003 = 1016 (0.13%)

2008 = 869 (0.11%)

2000 = 846 (0.11%)

1991 = 819 (0.11%)

2012 = 809 (0.11%)

1990 = 789 (0.1%)

Last 5 digits (Top 10)

12345 = 743 (0.1%)

23456 = 652 (0.09%)

54321 = 189 (0.02%)

23123 = 140 (0.02%)

56789 = 127 (0.02%)

34567 = 102 (0.01%)

11111 = 99 (0.01%)

45678 = 75 (0.01%)

00000 = 73 (0.01%)

88888 = 68 (0.01%)

US Area Codes

971 = Oregon: Metropolitan Portland,

Salem/Keizer area,

incl Cricket Wireless (OR)

972 = Texas: Dallas Metro (TX)

234 = NE Ohio: Canton, Akron (OH)

Character sets

loweralphanum: 330937 (43.6%)

loweralpha: 154996 (20.42%)

numeric: 119581 (15.75%)

mixedalphanum: 41121 (5.42%)

upperalphanum: 41078 (5.41%)

mixedalpha: 28464 (3.75%)

upperalpha: 14072 (1.85%)

loweralphaspecial: 10222 (1.35%)

loweralphaspecialnum: 5735 (0.76%)

mixedalphaspecial: 4724 (0.62%)

upperalphaspecial: 2939 (0.39%)

mixedalphaspecialnum: 2247 (0.3%)

specialnum: 648 (0.09%)

upperalphaspecialnum: 374 (0.05%)

special: 47 (0.01%)

Character set ordering

stringdigit: 349534 (46.05%)

allstring: 197532 (26.02%)

alldigit: 119581 (15.75%)

digitstring: 28873 (3.8%)

othermask: 18649 (2.46%)

stringdigitstring: 14577 (1.92%)

stringspecial: 10441 (1.38%)

digitstringdigit: 9981 (1.31%)

stringspecialstring: 5469 (0.72%)

stringspecialdigit: 3075 (0.41%)

specialstring: 834 (0.11%)

specialstringspecial: 510 (0.07%)

allspecial: 47 (0.01%)

Hashcat masks (Top 10)

?d?d?d?d?d?d?d: 85053 (11.2%)

?l?l?l?l?l?l: 38400 (5.06%)

?l?l?l?l?l?l?l?l: 36217 (4.77%)

?l?l?l?l?l?l?l: 35468 (4.67%)

?l?l?l?l?l?l?d?d?d: 24051 (3.17%)

?l?l?l?l?l?l?d?d: 18591 (2.45%)

?l?l?l?l?l?d?d?d: 18047 (2.38%)

?d?d?d?d?d?d: 16048 (2.11%)

?l?l?l?l?l?l?l?l?l: 14236 (1.88%)

?l?l?l?l?d?d?d: 13802 (1.82%)

結(jié)論

這是一個(gè)非常耗費(fèi)時(shí)間和艱苦的工作，因?yàn)槲也粨碛凶羁斓娘@卡。整個(gè)破解過程歷時(shí)約5個(gè)月來完成，因?yàn)槲冶仨毻瓿晌业?/span>CCNP認(rèn)證學(xué)習(xí)。

從中學(xué)到的教訓(xùn)是，一個(gè)好的智能詞典結(jié)合方便的規(guī)則，使用Hashcat或John the Ripper甚至可以破解強(qiáng)密碼?；谝陨锨闆r，管理員應(yīng)該使用更強(qiáng)的哈希算法（加鹽）來存儲你的密碼，并在在定期的基礎(chǔ)上更改自己的密碼。

謝謝閱讀

你可以在推特上找到我, @m3g9tr0n.

下載

你可以下載破解的哈希結(jié)果值

721.9 MB -m3g9tr0n_122Million_Passwords_WordLists.zip

所提供的KoreLogic torrent文件包含了各種獨(dú)特的密碼哈希值。出于這個(gè)原因，你可能會在這些字典中發(fā)現(xiàn)重復(fù)的密碼，作為一個(gè)單獨(dú)的密碼，可以使用各種算法來計(jì)算散列值！這意味著1.22億獨(dú)特的哈希值（MD5，SHA1，雙MD5等）被破解，結(jié)果中有8億3600萬個(gè)獨(dú)特的密碼。

您也可以下載“都在一個(gè)”版本，干凈和分類：

270.2 MB -m3g9tr0n_Passwords_WordList_CLEANED.zip

export LC_ALL='C' && cat * | sort |uniq > eNtr0pY_ALL_sort_uniq.dic

參考：

hashcat Wiki [ http://hashcat.net/wiki/ ]

John the Ripper Wiki [http://openwall.info/wiki/john ]

向AI問一下細(xì)節(jié)

破解故事——我是如何破解1億2200萬SHA1和Md5哈希密碼

猜你喜歡

最新資訊

相關(guān)推薦

相關(guān)標(biāo)簽