Password Cracking

[Fokus]

Hello, mortals I'm trying to figure which one is more efficient at cracking, should I use john or hashcat? (If you have any other cracking software that is more effective plz let me know) I'm a noob to password cracking so please give me any advice if you have any. Thank you in advance.

[Jurrunio]

cyber criminal?

[Theguywhobea]

I think hashcat will be faster as it's CUDA accelerated.

[CryptoMatt]

i use cain and abel but thats because i used it with my ps3 and it was the only one that worked 

[Fokus]

10 minutes ago, Jurrunio said:

cyber criminal?

Yes, cyber criminal all the way  That's why I posted this in a public forum.

[Fokus]

2 minutes ago, CryptoMatt said:

i use cain and abel but thats because i used it with my ps3 and it was the only one that worked 

I was thinking about using Cain and Abel but they discontinued it.

[CryptoMatt]

2 minutes ago, coyotetracker said:

I was thinking about using Cain and Abel but they discontinued it.

rip, its been awhile since i used it so i didnt know that.

[Fokus]

8 minutes ago, Theguywhobea said:

I think hashcat will be faster as it's CUDA accelerated.

I think your right. From what I've researched hash cat does seem like the better option. John the ripper relies on the CPU rather than GPU.  I was just trying to confirm. I have another question? Do I need to download Kali Linux or can I download hashcat on windows.

[Ginger_]

19 minutes ago, coyotetracker said:

I think your right. From what I've researched hash cat does seem like the better option. John the ripper relies on the CPU rather than GPU.  I was just trying to confirm. I have another question? Do I need to download Kali Linux or can I download hashcat on windows.

I haven't looked personally into that one, but in general you can install tools like that in about any of the main distros, occasionally windows but 95% of the time not. Kali just has a lot of tools like that built in, but if it doesn't you can install it. 

 

So if you already have another distro installed, just find a repo that has it

[wasab]

1 hour ago, Ginger137 said:

I haven't looked personally into that one, but in general you can install tools like that in about any of the main distros, occasionally windows but 95% of the time not. Kali just has a lot of tools like that built in, but if it doesn't you can install it. 

 

So if you already have another distro installed, just find a repo that has it

Much of the tools on kali are open source and open to all on github anyhow. You dont have to apt-get install from a repo, although it is usually more convenient. Downloading the source code from github and compiling it yourself the good old fashion way works too. 

[Mills_71]

Hi the coders, svp I am novice in computing, but I would want to be interested has the Cryptography and the IT security. Can you give me advice, books, sites your helpsare welcome THANK YOU

[Ailithic]

Lol the sad reality is that a hashed password is uncrackable without a server or real military grade hardware.. the only way a hashed password can be cracked is by using a pre generated hash table (or bruteforced hashing of common passwords > which you can also get lists for).. if your breaking server to client you would need a good program that you can actually run for 3 years,,

 

Cain and able was absolute crap btw, it didn't save your alphanumeric iteration so if you dropped connection or the program closed you would have to start again from the start. maybe if you enumerated the code... idk.

 

But considering that passwords nowa days are undeniably uncrackable beyond 5 chars letters only.. your best option is to bypass, side entrances, overloading, ddos, booting and spoofing, injection.. I finder shoulder looking to be the most effective.. or *** bypassing from key loggers.

Do disagree with anything iv said here though

[JacobFW]

On 1/13/2018 at 10:28 PM, coyotetracker said:

Hello, mortals I'm trying to figure which one is more efficient at cracking, should I use john or hashcat? (If you have any other cracking software that is more effective plz let me know) I'm a noob to password cracking so please give me any advice if you have any. Thank you in advance.

It entirely depends on what you're trying to crack.  Unless they've changed recently, jtr and hashcat are used for cracking hashes, which is completely useless if you want to crack the password to say, an encrypted zip file.

 

Now you can write generic programs/scripts that are designed to bruce-force passwords.  For instance a while back I wrote a batch file that takes a list of passwords, and tries to decrypt an encrypted 7zip file.  It was several orders of magnitude slower than commercial programs which were specifically designed to decrypt those types of archives.

 

So the best way to guess a password is to get a tailor-made program for that type of encrypted file, whether you buy one, or write it yourself.

[Hugh_Mungus]

I for got the password to my zip file.... I still have the zip I just gave up on opening it

 

[ScratchCat]

Try OCLHashcat, it uses OpenCL and runs on CPUs and GPUs, additionally it is very simple to setup and use, simply download, extract and run. Note that running the program on the GPU increases performance massively , ~300x from an i5 -> R9 290.

 

[SgtBot]

On 1/13/2018 at 9:28 PM, coyotetracker said:

Hello, mortals I'm trying to figure which one is more efficient at cracking, should I use john or hashcat? (If you have any other cracking software that is more effective plz let me know) I'm a noob to password cracking so please give me any advice if you have any. Thank you in advance.

I used aircrack-ng with the RockYou wordlist to crack this WPA/WPA2 password we got from a router handshake a few weeks ago at HackArizona.

[Hobox]

GPU cracking can very much be done, no server hardware necessary. Hashcat is definitely the best password cracking program available right now, it definitely seems to do some magic with the hash rates it achieves. 

 

It all comes down to hash algorithm anyway. GPU resistant algorithms will actually run better on a CPU and hashcat can do it too. 

 

But yeah, websites that don't do things properly may be hashing passwords in MD5 or SHA1 for example and those can brute force passwords of like 12 characters, even more when the character space is smaller than it should be. 

[CookieMaster]

Hashcat.