- This topic has 21 replies, 12 voices, and was last updated 8 years, 3 months ago by
BillV.
-
AuthorPosts
-
-
October 2, 2012 at 4:12 am #7941
Yet
ParticipantHello, please i wanted to buy Dictionary Wordlist does anyone have good idea, where i can get one? thus i saw this UNIQPASS i don’t know if anyone have used it before? also i get few questions about JtR can i crack many hashes in one list at once ? i mean all the hashes put together .
-
October 2, 2012 at 4:14 am #50234
MaXe
ParticipantThis company is famous for selling rainbow tables:
http://www.objectif-securite.ch/en/products.php(It’s even mentioned in a GIAC certification.)
-
October 2, 2012 at 4:29 am #50235
Yet
ParticipantThanks but it’s for big men .
@MaXe wrote:
This company is famous for selling rainbow tables:
http://www.objectif-securite.ch/en/products.php(It’s even mentioned in a GIAC certification.)
-
October 2, 2012 at 6:48 am #50236
MaXe
ParticipantBig men? ;D If you work for a company, get them to buy it for you in case you have a legitimate business purpose for using rainbow tables. (We have several rainbow tables.)
Anyway, there’s plenty other places you can obtain wordlists (or rainbow tables) from, and since I forget where they are, I would start with Google and Twitter.
Make sure you search for what you are looking for. There’s a difference between using wordlists (online bruteforcing) and rainbow tables (offline cracking).
-
October 2, 2012 at 8:29 am #50237
Jamie.R
ParticipantIf you just want word list then do a Google search there are a lot on a site cant remember full name skull security it might be. They have some good word list on that alternative you can buy them from the people behind john the ripper.
-
October 2, 2012 at 8:38 am #50238
Yet
ParticipantYeah that was where i found this UNIQPASS, but also can someone tell me if JtR can crack more than one hashes at a time?
-
October 2, 2012 at 8:53 am #50239
MaXe
Participant@Yet wrote:
Yeah that was where i found this UNIQPASS, but also can someone tell me if JtR can crack more than one hashes at a time?
As the CPU is working sequentially, but you can have 4 cores trying to crack 4 hashes at a time, the answer is yes and no. John however, works sequentially, and if you supply it with a list of hashes, it will try to crack the first hash in the list first.
-
October 2, 2012 at 12:12 pm #50240
superkojiman
Participantskullsecurity.org has a large list of dictionaries: http://www.skullsecurity.org/wiki/index.php/Passwords
-
October 2, 2012 at 1:15 pm #50241
cd1zz
Participantg0tmi1k’s are great http://g0tmi1k.blogspot.com/2011/06/dictionaries-wordlists.html
-
October 2, 2012 at 1:27 pm #50242
BillV
ParticipantI have uniqpass – I haven’t had an opportunity to use it enough to really form an opinion on it yet. What little I have used it, I haven’t been too impressed – more so in the fact of what it missed that other wordlists I have identified.
-
October 2, 2012 at 3:48 pm #50243
rance
ParticipantI’ve got some specialized wordlists here: http://stormthe.net/wordlists
-
October 3, 2012 at 12:14 am #50244
Yet
ParticipantWow thanks guys this is really huge .
-
October 4, 2012 at 9:06 pm #50245
Malachai
ParticipantThank you… that was great links… Will have to check them out.
-
October 5, 2012 at 3:31 am #50246
Yet
ParticipantHey is it possible for you to share? i mean no offensive .
@BillV wrote:
I have uniqpass – I haven’t had an opportunity to use it enough to really form an opinion on it yet. What little I have used it, I haven’t been too impressed – more so in the fact of what it missed that other wordlists I have identified.
-
October 5, 2012 at 8:18 am #50247
-
October 5, 2012 at 8:26 am #50248
prats84
ParticipantRecently I have been having issues cracking some of the hashes.
After about a 4 days running a attack found the hash and as such was a german word written in english.So I have started to make list of some comman words in couple languages like german, french and adding complexity to them… and creating a list.
Anyone got some better solutions
-
October 5, 2012 at 8:39 am #50249
cyber.spirit
ParticipantBruteForce attacks are much better than dictionary attacks totally because of many reasons such as wordlist doesnt include all of words, it takes much more time to crack the password and so on.
However you can find good wordlists here:
http://www.skullsecurity.org/wiki/index.php/Passwords/But u perform dictionary or bruteforce attack use the ncrack tool first. Its a very fast pass cracker open terminal in backtrack and type this command:
Ncrack -v –user :
Example:
Ncrack -v –user admin 127.0.0.1:21Goodluck and let me know if u have any problem.
CyberSpirit
-
October 5, 2012 at 9:24 am #50250
prats84
ParticipantNot really a fan of live bruteforce attack.
issue with live attach is most apps would suspend the user account if multiple failed attempts in short time.
Some apps/services could also suspend a IP and log it the admin. -
October 5, 2012 at 3:19 pm #50251
shadowzero
Participantncrack is actually no longer under development (http://seclists.org/nmap-dev/2012/q3/605). Hydra and medusa are still supported, so we’ll continue to see bugfixes and enhancements.
Here are some comparisons on their performance:
http://www.thc.org/thc-hydra/network_password_cracker_comparison.html
http://www.foofus.net/~jmk/medusa/medusa-compare.html -
October 5, 2012 at 9:19 pm #50252
cyber.spirit
Participant@shadowzero wrote:
ncrack is actually no longer under development (http://seclists.org/nmap-dev/2012/q3/605). Hydra and medusa are still supported, so we’ll continue to see bugfixes and enhancements.
Here are some comparisons on their performance:
http://www.thc.org/thc-hydra/network_password_cracker_comparison.html
http://www.foofus.net/~jmk/medusa/medusa-compare.htmlYou are right about ncrack but it doesnt that ncrack is useless. U can stil use it and hydra is a pro cracker as i’ve mentioned before i just want him/her to search for some chances with ncrack so fast then if he failed he can perform dict or bruteforce attack.
-
October 5, 2012 at 11:46 pm #50253
Yet
ParticipantHmm you don’t need to ask those questions, simple say no period, don’t make big deal out of nothing .
author=m0wgli link=topic=9334.msg52552#msg52552 date=1349425123]
@Yet wrote:Hey is it possible for you to share? i mean no offensive .
No offense, but remember you’re on the ethicalhacker.net forums, the keyword here being “ethical”.
If you want it, is $4.99 really too much to pay?
[/quote] -
October 18, 2012 at 1:25 pm #50254
BillV
ParticipantNo.
-
-
AuthorPosts
- You must be logged in to reply to this topic.