Free Rainbow Tables | Forum

Home of the Distributed Generator and Cracker
It is currently 19 Apr 2014, 08:52

All times are UTC + 1 hour [ DST ]




PostPosted: 17 Oct 2011, 06:01 
Offline
MΩth √G∑∏∫∪≤

Joined: 03 Dec 2007, 11:37
Posts: 1059
For those who are wondering, hybrid2 has "horizontal" sub key spaces and hybrid3 has "vertical" sub key spaces.
Each sub key space in hybrid2 is concatenated together and each sub key space in hybrid3 has its own per-position character sets for a fixed length password.

So hybrid2 can be set up to crack something like this ([a-z]{5})([0-9]{1,3}) or ([A-Z])([a-z]{3,4})([0-9]{1,3}) but not both in the same table.
This is where hybrid3 comes in with a single table that can crack something that matches any of the following:
[a-z]{5}[0-9]{1}
[a-z]{5}[0-9]{2}
[a-z]{5}[0-9]{3}
[A-Z][a-z]{3}[0-9]{1}
[A-Z][a-z]{3}[0-9]{2}
[A-Z][a-z]{3}[0-9]{3}
[A-Z][a-z]{4}[0-9]{1}
[A-Z][a-z]{4}[0-9]{2}
[A-Z][a-z]{4}[0-9]{3}

Basically I forgot that hybrid2 works that way and thought it was like what hybrid3 is, which caused major communication problems with quel. The ONLY problem with hybrid2 is that its key spaces are limited in comparison to hybrid3.

_________________
http://www.tobtu.com/


PostPosted: 17 Oct 2011, 06:35 
Offline
Total Hash Enlightenment

Joined: 15 Jul 2009, 22:38
Posts: 1483
Location: Dallas, TX, USA
We also need better names for this.

If you take the current set: hybrid2(alpha#1-1,loweralpha#5-5,loweralpha-numeric#2-2,numeric#1-3) then encoding it in RTI2 as Sc00bz intended (and what is a hybrid3 construct): hybrid3(hybrid2(alpha#1-1,loweralpha#5-5,loweralpha-numeric#2-2,numeric#1-1),hybrid2(alpha#1-1,loweralpha#5-5,loweralpha-numeric#2-2,numeric#2-2),hybrid2(alpha#1-1,loweralpha#5-5,loweralpha-numeric#2-2,numeric#3-3))

This is 3 sub key spaces composed of each hybrid2 that contains sub sub key spaces. Now, to be fair something like an Omni set won't ever fit in 255 characters of a file name and so hybrid3 is likely to be an internal name of sorts that isn't exposed to the user.

Within the RTI2 naming each sub key space is composed of 1...N hybrid character sets which refers to a character set at a given length. So encoding one of the hybrid2s is three sub key spaces with 4 hybrid character sets of lengths 1, 5, 2, and 1 (2 and 3 for the 2nd and 3rd sub key space).

In a sense you can think of hybrid2 as what hybrid was intended to be in the first place. Then, thinking of hybrid3 as the full RTI2 sub key space implementation or as the enclosing/"super set" construction. Of course making a clear RTI2.0 specification is difficult enough and all of this will eventually become RTI2.1. To have to describe hybrid3's that enclose hybrid2s of fixed length and that hybrid3 has sub key spaces, hybrid2 has sub sub key spaces, and that each hybrid2 sub sub key space actually refers to RTI2 hybrid character sets...just naming even if internal to the construct, format, and spec need to be understood by more than just Sc00bz and I :D

It's ok to nod and smile and just ignore this post since Sc00bz and I spent some time rather perplexed with each other and finally had a real time conversation in which we both realized we weren't talking about the same things.

I'm going to attach a draft copy of the RTI2.0 spec WARNING DRAFT and in some cases I just threw stuff on the end. This spec actually has what is hybrid3 at the end *and* the character/sub key space encoding on disk for the RTI 2.0 releases so far has incorrect header encoding and the file name must be used for those bits. This copy is only being attached for review and comment and *should not* be used for implementation of the format. This attached specification should be considered public domain.

Update: removed the attachment as the spec is now on the download page or directly via this link
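
The relationship between the two posts above, as an added example that is not from the thread or the project's code: it parses a hybrid2 set string, computes its key space size, and expands it into the fixed-length hybrid2 sub key spaces that a hybrid3 construct would enclose. The charset sizes are an assumption based on the usual RainbowCrack charset.txt names, and the `hybrid3(...)` string is only the notation used in the post.

```python
import itertools
import re

# Assumption: charset names carry the sizes of the usual RainbowCrack charset.txt.
CHARSET_SIZE = {"alpha": 26, "loweralpha": 26, "numeric": 10,
                "loweralpha-numeric": 36}
# Set quoted in the post above.
PAGE_SPEC = ("hybrid2(alpha#1-1,loweralpha#5-5,"
             "loweralpha-numeric#2-2,numeric#1-3)")

def parse_hybrid2(spec):
    """Return [(charset, min_len, max_len), ...] for a hybrid2(...) string."""
    outer = re.fullmatch(r"hybrid2\((.+)\)", spec)
    if not outer:
        raise ValueError("not a hybrid2 spec: %r" % spec)
    parts = []
    for item in outer.group(1).split(","):
        m = re.fullmatch(r"([a-z-]+)#(\d+)-(\d+)", item)
        if not m or m.group(1) not in CHARSET_SIZE:
            raise ValueError("bad sub key space: %r" % item)
        lo, hi = int(m.group(2)), int(m.group(3))
        if not 1 <= lo <= hi:
            raise ValueError("bad length range: %r" % item)
        parts.append((m.group(1), lo, hi))
    return parts

def keyspace(spec):
    """Concatenated sub key spaces multiply; lengths within one add up."""
    total = 1
    for name, lo, hi in parse_hybrid2(spec):
        total *= sum(CHARSET_SIZE[name] ** n for n in range(lo, hi + 1))
    return total

def fixed_length_subspaces(spec):
    """One fixed-length hybrid2 per combination of part lengths."""
    parts = parse_hybrid2(spec)
    subs = []
    for lengths in itertools.product(*(range(lo, hi + 1) for _, lo, hi in parts)):
        inner = ",".join("%s#%d-%d" % (p[0], n, n) for p, n in zip(parts, lengths))
        subs.append("hybrid2(%s)" % inner)
    return subs

def to_hybrid3(spec):
    """Wrap the fixed-length sub key spaces in the post's hybrid3(...) notation."""
    return "hybrid3(%s)" % ",".join(fixed_length_subspaces(spec))

if __name__ == "__main__":
    print(keyspace(PAGE_SPEC))
    print(to_hybrid3(PAGE_SPEC))
```
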


PostPosted: 30 Oct 2011, 05:04 
Offline
Guesser

Joined: 30 Oct 2011, 04:58
Posts: 34
ntlm_hybrid2(alpha#1-1,loweralpha#5-5,loweralpha-numeric#2-2,numeric#1-3)#0-0_3_60000



12791.499937 million chains in total
0 million chains completed
12791 million chains left

Does anyone know when they will generate chains for this table?


PostPosted: 30 Oct 2011, 08:00 
Offline
Total Hash Enlightenment

Joined: 15 Jul 2009, 22:38
Posts: 1483
Location: Dallas, TX, USA
eduardomb2 wrote:
ntlm_hybrid2(alpha#1-1,loweralpha#5-5,loweralpha-numeric#2-2,numeric#1-3)#0-0_3_60000



12791.499937 million chains in total
0 million chains completed
12791 million chains left

Does anyone know when they will generate chains for this table?


Completed refers to when assimilation and perfecting has finished. There are 488 WUs not yet assimilated (and possibly not yet back). The table is essentially nearly or is completed on the generation side. md5_mixalpha-numeric-all-space#1-8_32_422000 is fully completed on the generation and assimilation side but the idea to perfect once at the end of a table due to our extra available disk space turned out to not scale as expected. So we've been splitting the 1000 or so 2.5G chunks into perfecting runs of 100 or 200 files at a time and merging them. One of these runs takes close to 24 hours.

work generator adds work to the feeder -> feeder sends the work -> upload handler receives the incoming work -> validator checks the work -> upon validation pass the assimilator merges the single WUs into the 2.5G chunks (it does a bit more than that but that's the gist) -> assimilated parts are ready for perfecting runs -> completed perfecting on all assimilated WUs means the data is ready for conversion and syncing for hosting

Only 192k WUs in the assimilator queue.


PostPosted: 30 Oct 2011, 17:55 
Offline
Guesser

Joined: 30 Oct 2011, 04:58
Posts: 34
Thanks for the info ;)


PostPosted: 25 Nov 2011, 20:34 
Offline
Shoulder Surfer

Joined: 20 Jan 2009, 21:12
Posts: 8
My suggestion for future tables is to create triple-md5 tables instead of normal md5() tables. The approach is similar to the one of the mysql4 tables: you can crack multiple hash types using one table.

Most commonly in the wild used types are md5(hex(md5())) and md5(hex(md5(hex(md5())))) hashes (referring to multi md5 hashes) according to what I have seen so far. So it would be a cool thing to focus on such tables instead of md5() (or as suggested in the first post double binary md5).


PostPosted: 25 Nov 2011, 21:37 
Offline
Total Hash Enlightenment

Joined: 15 Jul 2009, 22:38
Posts: 1483
Location: Dallas, TX, USA
undeath wrote:
My suggestion for future tables is to create triple-md5 tables instead of normal md5() tables. The approach is similar to the one of the mysql4 tables: you can crack multiple hash types using one table.

Most commonly in the wild used types are md5(hex(md5())) and md5(hex(md5(hex(md5())))) hashes (referring to multi md5 hashes) according to what I have seen so far. So it would be a cool thing to focus on such tables instead of md5() (or as suggested in the first post double binary md5).


Links to stats on the uses of these other forms would be handy.

double binary md5 would be usable for that purpose and for single md5
md5(hex(md5(plain))) would be usable for that purpose and for single md5

Note the above two for the final output are incompatible with each other. Examples:

plain: test
hex(md5(plain)): 098f6bcd4621d373cade4e832627b4f6
hex(md5(hex(md5(plain)))): fb469d7ef430b0baf0cab6c436e70375
hex(md5(md5(plain))): 60cd54a928cbbcbb6e7b5595bab46a9e

I didn't know triple was in much use. mysqlsha1 is double binary sha-1. I added a -d option to rcracki_mt so that you can run plain sha-1 hashes against mysqlsha-1 tables and adding this for variants of md5 is straightforward. The RTI 2.0 spec has md5, double binary md5, double md5, sha-1, and mysqlsha1 (double binary sha-1). I guess for completeness in RTI 2.1 I should add double sha-1 and if in fact the triple variants are in much use then those as well. For that matter if some geniuses went from double to triple for "security" then they'll probably be quadruple before long and then perhaps considering an iteration count would be more appropriate.

Of course we can extend to triple binary md5 or triple md5 (hex) and those tables would be usable against double of the same class (hex or binary) and against single.
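
The compatibility rules in the post above, as an added example that is not from the thread and is not rcracki_mt's code: a hash with fewer MD5 rounds can be carried forward to the round count a table was built for, but only within the same class (hex or binary between rounds). The function and parameter names are hypothetical, and it generalizes the post's single/double case to any round count.

```python
import hashlib

def _next_round(digest: bytes, hex_between: bool) -> bytes:
    """Apply one more MD5 round to a raw digest, hex-encoding it first if asked."""
    data = digest.hex().encode("ascii") if hex_between else digest
    return hashlib.md5(data).digest()

def iterated_md5(plain: bytes, rounds: int, hex_between: bool) -> str:
    """hex(md5(...md5(plain)...)) with `rounds` applications of MD5."""
    if rounds < 1:
        raise ValueError("rounds must be at least 1")
    digest = hashlib.md5(plain).digest()
    for _ in range(rounds - 1):
        digest = _next_round(digest, hex_between)
    return digest.hex()

def lift(hash_hex: str, have_rounds: int, table_rounds: int,
         hex_between: bool) -> str:
    """Carry a hash of `have_rounds` rounds forward to `table_rounds` rounds.

    The result is the value a table built for `table_rounds` rounds of the
    same class would contain for the same plaintext.
    """
    digest = bytes.fromhex(hash_hex)
    if len(digest) != 16:
        raise ValueError("not an MD5 digest")
    if have_rounds > table_rounds:
        raise ValueError("table was built with fewer rounds than the hash")
    for _ in range(table_rounds - have_rounds):
        digest = _next_round(digest, hex_between)
    return digest.hex()

if __name__ == "__main__":
    single = iterated_md5(b"test", 1, True)       # plain "test" from the post
    print("single      :", single)
    print("double hex  :", lift(single, 1, 2, True))
    print("double bin  :", lift(single, 1, 2, False))
    print("triple hex  :", lift(single, 1, 3, True))
```

Because the extra rounds can be applied to the hash itself without knowing the plaintext, stacking unsalted MD5 rounds only changes which table is needed; it is the per-hash salt and a real iteration count that change the cost.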


PostPosted: 25 Nov 2011, 22:33 
Offline
Shoulder Surfer

Joined: 20 Jan 2009, 21:12
Posts: 8
Well, actually triple-md5 is not that popular. But it is definitely much more popular than md5(binary(md5())). I cannot remember having seen a single one of these. (I'm moderator at hashkiller forums, so I have seen many hashes ;) ) Compared to this statistic triple-md5 (with hex-encoded hashes) is much more popular.

Double-md5 (hex encoded) might be sufficient for most people, but, well, if we have the ability to create triple-md5 tables it should be used.


PostPosted: 06 Aug 2012, 13:36 
Offline
Shoulder Surfer

Joined: 06 Aug 2012, 13:16
Posts: 1
In our times, more and more people are using Windows 7. The more they will need hashes used in this system.

NTLMv2 is already in good progress, but maybe MS Cache v2? It is very difficult to compute (10240 repetitions of SHA1 + username as salt, see http://openwall.info/wiki/john/MSCash2) but it is also very valuable (most computers in domains have cached domain administrator password).

Just my 2 cents.


PostPosted: 09 Jun 2013, 12:59 
Offline
Shoulder Surfer

Joined: 16 Mar 2013, 16:52
Posts: 3
Location: Russia
offer to generate DES(UNIX) length 1-8 (full set)
total weight ~1Tb :D


PostPosted: 03 Jul 2013, 07:22 
Offline
MΩth √G∑∏∫∪≤

Joined: 03 Dec 2007, 11:37
Posts: 1059
teraflopgroup wrote:
offer to generate DES(UNIX) length 1-8 (full set)
total weight ~1Tb :D

DES(UNIX) has a 12 bit salt so you need to make 4096 different RTs (one for each salt). Making it 4 PB.

_________________
http://www.tobtu.com/


PostPosted: 12 Dec 2013, 15:46 
Offline
Shoulder Surfer

Joined: 19 Oct 2007, 11:42
Posts: 3
Hi,

Is it planned to generate some new NTLM tables with a length of 1-10 or 1-12 or more?
Thank you for all and great job :)

