[flagged] Cracking Passwords Using John the Ripper (stealthsecurity.io)
66 points by manishmshiva on Nov 16, 2022 | hide | past | favorite | 29 comments


If you want to use state of the art password cracking: https://hashcat.net/hashcat/


Hashcat is unbelievable!

On a lark, I tried to crack my own WPA key for my local network. Captured the handshake, downloaded some wordlists, started it. I have an older CPU and graphics card, i7 4930k + GTX 1060.

Some regular CPU based method, I ran the numbers and figured it would take a bit over a week. Ran it for a day, and then decided to see if something better was available.

Read about Hashcat, gave it a go, and it finished in 90 minutes. At first, I thought I made a mistake and it crapped out, but nope! It cracked it. It was done. 90 minutes on modest hardware. Imagine if you invested some real money in it with a modern system!


Dictionary or brute force?

If it's brute force that's astounding.


Dictionary. A massive dictionary, though. Biggest one I could find, which was 17gb.


17gb uncompressed? That's only 2 billion 8-character passwords.

Is your password that bad, or did it have some really good mangling going on?

There are 100,000 alphanumeric (including caps) 8-character passwords.


Let's just say "my" password was that bad. Still 13 characters though.


I've had mixed results. For some formats (NTLM, SHA, OpenSSH, IKE, etc), John seems to be better just out of the box. I've compared it to Hashcat with a specified format, mask, and tune. For whatever reason, 50% of the time, John runs significantly faster without any arguments.


And combine that with rainbow tables where appropriate :)


Rainbow tables are still being used?


Yes, because rainbow table attacks are still surprisingly effective. Although what is even more surprising is finding passwords still stored in plain text somewhere.


If the password complexity is small, then sure, you can use rainbow tables. But if the passwords get longer and longer, then how do you want to store the rainbow tables? Also, if you have salted passwords, how are the rainbow tables going to help?


Number one password still in use with a total count of 4,929,113 is simply "password".

https://nordpass.com/most-common-passwords-list/

Which is why there are Identity and Access Management (IAM) and Privileged Account Management (PAM) solutions that help protect against a user's own laziness.


Yes. As an example, your SSID name is used as a salt alongside your WPA2 passphrase to generate the final keys.

That means that a rainbow table that covers the most common WPA2 SSID names could offer an instant solution, and narrow the search space if no solution is found.


Not really. Rainbow tables are inflexible TMTOs that are slow to construct and have been made largely obsolete by advances in GPU cracking and more widespread use of good salts. Your WPA2 example doesn't hold up in the real world, where even default manufacturer SSIDs typically append a random number to avoid collisions with neighbors. One common pattern is manufacturer_####; that would be 10k rainbow tables per manufacturer and would only cover the defaults!

Honestly if I hear someone in infosec start talking about rainbow tables in 2022, that's a good indicator that they have not cracked passwords in a long time, or they are just regurgitating what they learned to pass some basic security cert. Hashcat on a modern GPU is blazingly fast, and barring some really niche edge case, your best bet is just going to involve throwing more GPUs at the problem.
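The two comments above argue about whether the SSID "salt" makes WPA2 precomputation practical. The following is an added example (not from the thread, and not code from John the Ripper or hashcat) that derives the WPA2-PSK Pairwise Master Key the way the standard specifies, PBKDF2-HMAC-SHA1 with the SSID as the salt, and then builds a tiny precomputed table to show that such a table is bound to one exact SSID string. The candidate passphrases and the SSIDs "linksys" and "linksys_4217" are constructed for the demo; the "password"/"IEEE" vector is the published IEEE 802.11 test case. A real cracker never sees the PMK directly: it derives a candidate PMK, expands it to the PTK, and checks the MIC on the captured 4-way handshake, which this example leaves out.

```python
# Added example (not from the thread, not hashcat/John code): WPA2-PSK PMK
# derivation with the SSID as PBKDF2 salt, and the scope of a precomputed table.
import hashlib


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes).
    This is the expensive step a WPA2 cracker has to repeat per candidate."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def build_pmk_table(ssids, candidates) -> dict:
    """Precompute (ssid, pmk) -> passphrase.

    Cost is len(ssids) * len(candidates) PBKDF2 runs, and an entry is only
    useful for the exact SSID string it was derived under: "linksys" and
    "linksys_4217" are two entirely separate tables."""
    table = {}
    for ssid in ssids:
        for pw in candidates:
            table[(ssid, wpa2_pmk(pw, ssid))] = pw
    return table


def lookup_pmk(table: dict, ssid: str, pmk: bytes):
    """Return the passphrase if this (ssid, pmk) pair was precomputed, else None."""
    return table.get((ssid, pmk))


if __name__ == "__main__":
    # Published IEEE 802.11 test vector (Annex H): passphrase "password", SSID "IEEE".
    print("PMK(password, IEEE) =", wpa2_pmk("password", "IEEE").hex())

    # Constructed demo data: same passphrase, two SSIDs -> two different PMKs.
    candidates = ["password123", "correct horse", "letmein99"]   # constructed
    print("Same passphrase under two SSIDs differs:",
          wpa2_pmk("password123", "linksys") != wpa2_pmk("password123", "linksys_4217"))

    # A table built for the default SSID "linksys" answers instantly for "linksys"...
    table = build_pmk_table(["linksys"], candidates)
    print("linksys hit:", lookup_pmk(table, "linksys", wpa2_pmk("password123", "linksys")))
    # ...and not at all for "linksys_4217", even though the passphrase is the same.
    print("linksys_4217 hit:",
          lookup_pmk(table, "linksys_4217", wpa2_pmk("password123", "linksys_4217")))
```

Each extra SSID suffix multiplies the precomputation by the full candidate list, which is why a per-SSID table only pays off for a handful of unchanged default SSIDs; for anything else, running PBKDF2 live on a GPU against the captured handshake is the cheaper path.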


Why is this account-walled blogspam getting upvotes? Haven't read it because I'm not making an account.

There's no indication from the post that there's any more value to this article than simply reading the docs about a well known tool.


I have now read this article and skimmed the authors blog. They're all reproductions of a basic documentation pages. Every single one is submitted to hacker news including a tutorial on writing a while loop in python.


That's a program name that I haven't heard in a while and which brings back memories :D

When I was a teenager, sometime around 1996 or 1997, I watched the movie "Hackers" for the first time and my immature mind was immediately drawn to the idea of using computers to sneak into places you weren't supposed to. (The pretty graphics helped too.) I went online and I found an early version of John The Ripper and thought "yes, this is exactly what I want!" It would be a few years before I even learned what Unix and /etc/passwd were, but it felt so cool to have a real hacking tool on a floppy disk.


I was in college in 96. Email accounts were only for some limited staff and foreign students, but we all wanted one. I managed to get hold of one, with console access, because the mail interface was elm.

I downloaded the passwd file and took it home to crack a few passwords, intending to take over accounts that were unused.

Jack the Ripper beeped loudly every time a match was found. I had it running for hours, with the occasional beep, but suddenly the PC started beeping like crazy for a good minute. Turns out that the default password was no password at all, you'd set it up on the first login.

It had found a big bunch of accounts created and never used, so me and my friends had struck gold.

Even when we were inevitably caught it wasn't a big deal: Some "don't be naughty boys" over a few beers.

Simpler times.


You might also remember a pretty awesome tool called Cain and Abel that not only did hash cracking but also revealed all sorts of passwords stored on Windows including the user passwords and credentials used in Internet Explorer. As an adolescent, Cain was like God Mode for Windows. Boy did I have a lot of fun using it to mess with school computers! I did nothing seriously harmful, but pulled relatively harmless pranks. Though I did once use it to get the FTP password to someone's site and defaced it with a meme, but I soon reversed it because I felt guilty. :P


Same for me but with the SubSeven RAT.


Man, I remember running this and ophcrack as a 15 year old to recover the windows login password for my mom's computer after she forgot it. She was convinced her password had just stopped working, until I recovered it and she realized that she just forgot what it was lol.


Haha yes, my parents put a password to keep me from playing WoW on the family computer. When I used ophcrack to get the password they were mad (but I think a little impressed.)


It's important to always remember to salt your hash or you will get attacked by rainbows.

Cracking passwords based on their hash has been a known attack for a long time, here is a web page from 2007 that talks about rainbow table attacks.

https://blog.codinghorror.com/rainbow-hash-cracking/
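To make the "salt your hash" point concrete, here is an added example (not from the thread or the linked post) of the time-memory trade-off a rainbow table actually is: chains of hash/reduce steps over a toy keyspace of four lowercase letters hashed with unsalted MD5, stored only as (endpoint, start) pairs, then looked up. The keyspace, chain length, number of chains and the reduction function are all constructed for the demo. The last step shows the same table failing against a salted hash of the same password, because the salt moves the hash outside the space the table was built over.

```python
# Added example (not from the thread): a minimal rainbow table over unsalted MD5
# of 4-letter lowercase passwords, and why a salt makes the table useless.
import hashlib
import string

CHARS = string.ascii_lowercase
PW_LEN = 4
KEYSPACE = len(CHARS) ** PW_LEN   # 456,976 candidate passwords (toy size)
CHAIN_LEN = 100                   # t: hash/reduce steps per chain


def H(pw: str) -> bytes:
    """The unsalted hash the table is built for."""
    return hashlib.md5(pw.encode()).digest()


def index_to_pw(n: int) -> str:
    out = []
    for _ in range(PW_LEN):
        n, r = divmod(n, len(CHARS))
        out.append(CHARS[r])
    return "".join(out)


def reduce_fn(h: bytes, step: int) -> str:
    """Reduction R_step: map a digest back into the password space.
    Using a different function per position is what limits chain merges."""
    return index_to_pw((int.from_bytes(h[:8], "big") + step) % KEYSPACE)


def password_at(start: str, k: int) -> str:
    """k-th password on the chain beginning at start (p_0 = start)."""
    pw = start
    for step in range(k):
        pw = reduce_fn(H(pw), step)
    return pw


def build_table(num_chains: int) -> dict:
    """Store only endpoint -> [start points]; the intermediate values are
    recomputed on demand, which is the 'memory' side of the trade-off."""
    table = {}
    for i in range(num_chains):
        start = index_to_pw((i * 7919) % KEYSPACE)   # deterministic spread of starts
        table.setdefault(password_at(start, CHAIN_LEN), []).append(start)
    return table


def walk_chain_for(start: str, target: bytes):
    """Regenerate a chain and return the password whose hash equals target."""
    pw = start
    for step in range(CHAIN_LEN):
        h = H(pw)
        if h == target:
            return pw
        pw = reduce_fn(h, step)
    return None


def lookup(table: dict, target: bytes):
    """Try every position k the target could occupy in a chain: finish the chain
    from there and check whether it lands on a stored endpoint (the 'time' side)."""
    for k in range(CHAIN_LEN - 1, -1, -1):
        pw = reduce_fn(target, k)
        for step in range(k + 1, CHAIN_LEN):
            pw = reduce_fn(H(pw), step)
        for start in table.get(pw, ()):
            found = walk_chain_for(start, target)   # rejects false alarms from merged chains
            if found is not None:
                return found
    return None


if __name__ == "__main__":
    table = build_table(2000)          # 2000 chains x 100 steps, stored as 2000 rows
    victim = password_at("aaaa", 37)   # a password we know lies on a stored chain
    print("unsalted md5 lookup:", lookup(table, H(victim)), "(expected", victim + ")")
    salted = hashlib.md5(b"s4lt" + victim.encode()).digest()   # salt constructed for demo
    print("salted md5 lookup:  ", lookup(table, salted))
```

With the parameters above the table covers only part of the keyspace (chains merge and collide), which is the usual trade-off: more chains or longer chains buy coverage at build time and lookup time respectively. A per-user salt is worse than a coverage gap for the attacker: every distinct salt is a different hash function, so the table would have to be rebuilt per salt value, at which point it is just a slow way of guessing.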


There used to be this site hackers.com that had all these types of tools on it, including this one, which is where I discovered it. I was awestruck as a kid.


I was a big fan of hackthissite.org and hellboundhackers.org


Roughly 1999-2006, at a University of California CS department, the *nix clusters used NIS+ for login.

I ran something like: getent passwd | johntheripper and it found roughly 40 passwords in 60 seconds, including tenured profs and primary investigators.

I also downloaded a torrent of rainbowtables from some schm00 folks (when it was available) and found other passwords.

PS: JTR is a product of the w00w00 group.


Now that's a name I haven't heard in a long time... long time.


I’ve been trying to unlock two timemachine backups I forgot the passwords to.

Never quite got the hang of using John the ripper.


John the Ripper is a password-cracking tool that can crack hundreds of hashes, ciphers, and even password-protected files.



