now i want to share my experience about differences crack password using John The Ripper and GPU oclhashcat+. ok,check this out :D
i have a Badstore ctf on my virtualbox,
i was take over that databases,, in there are one database, badstoredb.
so i try to find users table in there. this is the user tables..
wow, now i have user and password,but the password not hash :(
don't worry guys, now i want to using John The Ripper and GPU oclhashcat+ to crack password's admin, i will try to create two file with name JTR and GPU to distinguish between JTR with GPU. we are using admin password to JTR and GPU.
this is same hash from admin. i run JTR with GPU on the same time, same dictionary (darkc0de.lst).. but what i see, GPU can fast crack the password!
let's see this !
====================================================
root@bt:/pentest/passwords/oclhashcat+# ./oclHashcat-plus32.bin -m 0 /root/Desktop/gpu /pentest/passwords/wordlists/darkc0de.lst
oclHashcat-plus v0.07 by atom starting...
Hashes: 1
Unique digests: 1
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Rules: 1
GPU-Loops: 128
GPU-Accel: 40
Password lengths range: 1 - 15
Platform: AMD compatible platform found
Watchdog: Temperature limit set to 90c
Device #1: Loveland, 384MB, 0Mhz, 2MCU
Device #1: Allocating 12MB host-memory
Device #1: Kernel ./kernels/4098/m0000_a0.Loveland.32.kernel (1130280 bytes)
Scanning dictionary /pentest/passwords/wordlists/darkc0de.lst: 1047587 bytes (5.Scanned dictionary /pentest/passwords/wordlists/darkc0de.lst: 17975854 bytes, 1707657 words, 1707657 keyspace, starting attack...
5ebe2294ecd0e0f08eab7690d2a6ee69:secret
Status.......: Cracked
Input.Mode...: File (/pentest/passwords/wordlists/darkc0de.lst)
Hash.Target..: 5ebe2294ecd0e0f08eab7690d2a6ee69
Hash.Type....: MD5
Time.Running.: 0 secs
Time.Util....: 924.9ms/524.9ms Real/CPU, 131.2% idle
Speed........: 1616.4k c/s Real, 1880.1k c/s GPU
Recovered....: 1/1 Digests, 1/1 Salts
Progress.....: 1550322/1707657 (90.79%)
Rejected.....: 55282/1550322 (3.57%)
HW.Monitor.#1: 63% GPU, 72c Temp
Started: Tue Sep 25 05:25:58 2012
Stopped: Tue Sep 25 05:25:59 2012
root@bt:/pentest/passwords/oclhashcat+#
====================================================
and see JTR :
====================================================
root@bt:/pentest/passwords/john# john /pentest/passwords/wordlists/darkc0de.lst /root/Desktop/JTR
Warning: only loading hashes of type "trip", but also saw type "pix-md5"
Use the "--format=pix-md5" option to force loading hashes of that type instead
Warning: only loading hashes of type "trip", but also saw type "des"
Use the "--format=des" option to force loading hashes of that type instead
Warning: only loading hashes of type "trip", but also saw type "mysql"
Use the "--format=mysql" option to force loading hashes of that type instead
Warning: only loading hashes of type "trip", but also saw type "oracle"
Use the "--format=oracle" option to force loading hashes of that type instead
Warning: only loading hashes of type "trip", but also saw type "lm"
Use the "--format=lm" option to force loading hashes of that type instead
Loaded 48504 password hashes with no different salts (Tripcode DES [128/128 BS SSE2])
guesses: 0 time: 0:00:22:12 0.00% (3) c/s: 16596M trying: 41675*1d - 4176791d
Session aborted
root@bt:/pentest/passwords/john#
====================================================
it's very different guys..
ok see next time:D
