Sharing the pot and asking for help!

So I’ve taken the advice of @hacktalkblog (again) and decided to throw all of my .pot files that I have acquired together based off of hash type. Essentially, all the MD5s in one, Sha1s in one, etc.

I’ve decided to share the .pots I have, which are only MD5 and Sha1s right now, and also throw everyone who wants it a list of MD5s that I haven’t been able to crack yet. I got the idea of sharing my .pot files from @bwall because of the hash cracking competition he is running at his site. If you decide to download it, then please get back to me with what you can crack.

MD5.pot

SHA1.pot

 

HASHES-MD5.txt

Here is the list of hashes I haven’t been able to crack yet. It contains multiple dumps including:

7poker, acm.hdu.edu.cn, ctemag.com, digitword.com, djartsgames.ca, eharmony, euload, exonmobil, ftxtraders.eu, g4spass, some random ones from iran, last.fm, militarysingles, nvidia, and sex06.nl

About 99% of those dumps have been collected from @cwn.

One more note that comes to mind before I end this post, if you would like to share your .pot or your dictionaries, let me know and I will host the link on this post as well. I would also like a copy of whatever you can give for .pot files too.

-b0n3z

UPDATE: Thanks to @jmgosney & @coolacid for their help, I’ve been able to get about 400k more of those hashes cracked. Both the md5.pot and hashes-md5.txt file have been updated accordingly.


John the Ripper Intro

First off, thanks to @hacktalkblog and @nberthaume with all the help they have given me with JtR and Hashcat. This post will be a basic rundown (with a couple of advanced parts) for people just starting in the world of hash cracking.

Let me start off with saying I use cygwin because I run Windows 7 since I fail and refuse to throw a linux OS as my main. Meh. You only have to slightly alter these commands, I believe, to not incorporate cygwin.

cat *dictionaryfilelocation* | ./john --stdin --format:raw-*format* --pot=*filename*.pot --session=*name* --crack-status *hashfilelocation*

The above command should be pretty simple to understand but I will break it down just in case. Everything inside the ** is what you must set yourself.

For me, I use cat /cygdrive/b/*. That means I’m catting everything on my b drive (which is reserved for my wordlists). You only need to do this if you have MULTIPLE dictionary files that you want JtR to run through and test against.

Next is --stdin, which just tells JtR to accept the information being piped into it.

--format:raw-*format* is where you input whatever format the hashes you want to crack are in. In most cases they will be MD5 or Sha1 from what I’ve seen in the past few months from dumps.

Your pot file is where the cracked hashes will be output to. These will be put to the same directory as JtR. The output will look something like:

$dynamic_0$5fed917b9bb2d6ace789576b239901bd:1Q2W3E4R5T6Y7U8I9O0P

The session=*name* is used for a couple reasons:

  1. So that you can pause the cracking session and resume it later
  2. So that you can run multiple JtR sessions without a hassle

Crack-status will output as such:

guesses: 3  time: 0:00:07:58  c/s: 127406M  trying: EHARMONY1Wannabethe1 - EHARMONY1azreal

Lastly for this command is the *hashfilelocation*. In my case it is:


/cygdrive/c/Users/username/Desktop/Pass\ Cracking/crackme/filename.txt

I keep all of the dumps I gather in that crackme directory for ease.

There are a few other ways to run JtR. I’ll touch on running rules with the same general command above:

cat *dictionarylocation* | ./john --pipe --format:raw-*format* --pot=*filename*.pot --session=*name* --rules=*rule* --crack-status *hashfilelocation*

The change to the above command is --pipe. I’m not sure why you have to run pipe instead of stdin when running rules, but that’s the only way I’ve been able to get it working.

Along with that, you also have the --rules=*rule* option now. If you look here then you’ll see a quick rundown of rules. The easiest rule to use is of course --rules=Single. I have found it extremely useful to also create your own rules based off the website name and run those. For me, I add rules to the john.ini file located in the run folder of JtR. I’ll give an example below:

[List.Rules:Nvidia]

# Nvidia Passwords

A0"[nN][vV][iI1][dD][iI1][aA4]"

Az"[nN][vV][iI1][dD][iI1][aA4]"

If you do a quick glance through the john.ini file you will see where you can add these rules. To create your own, follow the same basic guide above. List.Rules:*rulename* must be put as whatever you want it to be typed as in the command. The # is of course just a comment about what the rule is. A0 is to append everything and Az prepends. The word being played with is Nvidia. It will adjust everything with every possible combination you see per bracket. I’ll show how I did my Linkedin rules for the recent Linkedin dump:

[List.Rules:Linkedin]

# Linkedin Passwords

A0"[lL1][iI1][nN][kK][eE3][dD][iI][nN]"

Az"[lL1][iI1][nN][kK][eE3][dD][iI][nN]"

The same principle applies to the Linkedin rule we create with the above.