2. About me
Panggi Libersa a.k.a malcoder
Student at Indonesia’s Computer University
Likes to take pictures
Almost got his CEH certification ( waiting for exam )
Member of GNU/Linux User Group at Bandung [ Klub Linux Bandung ]
Small web hosting owner [ hostinggokil.com , ofirnetwork.com (in progress) ]
Web : malcoder.info and opensecuritylab.org
Find me : @panggimalcoder panggi_y2k panggi.libersapanggipanggi
3. “Some things Man was never meant to know. For everything else, there's Google” Geeky Quote
22. These values are used to create two DES keys, one from each 7-byte half, by converting the seven bytes into a bit stream, and inserting a parity-bit after every seven bits. This generates the 64 bits needed for the DES key.
23. Each of these keys is used to DES-encrypt the constant ASCII string “KGS!@#$%”, resulting in two 8-byte ciphertext values. The DES CipherMode should be set to ECB, and PaddingMode should be set to NONE.
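The key-building step from slide 22, as an added example that is not part of the original slides. It covers only the preparation before the DES-ECB encryption of “KGS!@#$%” and shows why any password of seven characters or fewer produces the same second key. The function names and the sample passwords are assumptions; upper-casing and null-padding to 14 bytes are standard LM behaviour, and ASCII is assumed in place of the OEM code page.

```python
# Added example: LM key preparation (the steps before DES encryption).
# Assumes an ASCII password; real LM uses the system OEM code page.

def expand_des_key(half: bytes) -> bytes:
    """Expand one 7-byte half into an 8-byte DES key.

    The 56 bits are read as one stream and cut into 7-bit groups. Each
    group becomes the top 7 bits of a key byte; the low bit is chosen so
    the byte has odd parity, which is the DES convention.
    """
    if len(half) != 7:
        raise ValueError("each LM half must be exactly 7 bytes")
    stream = int.from_bytes(half, "big")
    key = bytearray()
    for i in range(8):
        seven = (stream >> (49 - 7 * i)) & 0x7F   # next 7 bits, MSB first
        parity = 0 if bin(seven).count("1") % 2 else 1
        key.append((seven << 1) | parity)
    return bytes(key)


def lm_des_keys(password: str) -> tuple[bytes, bytes]:
    """Upper-case, truncate or null-pad to 14 bytes, split, expand each half."""
    raw = password.upper().encode("ascii")[:14].ljust(14, b"\x00")
    return expand_des_key(raw[:7]), expand_des_key(raw[7:])


def second_half_is_empty(password: str) -> bool:
    """True when the password fits entirely in the first 7-byte half.

    The second DES key is then the same for every such password, so the
    last 8 bytes of the LM hash are identical across those accounts.
    """
    return lm_des_keys(password)[1] == expand_des_key(b"\x00" * 7)


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the slides.
    k1, k2 = lm_des_keys("SecREt01")
    print(k1.hex(), k2.hex())
    print(second_half_is_empty("Winter7"))
```

Because each half is keyed and encrypted independently, the two 8-byte results can be attacked separately, which is why LM storage should be disabled rather than relied on.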
28. Brute force
Using all possible combinations in sequence
Example :
Targeted hash : 4a8a08f09d37b73795649038408b5f33
OK.. Crack it ..
a = 0cc175b9c0f1b6a831c399e269772661 <= no
b = 92eb5ffee6ae2fec3ad71c777531578f <= no
c = 4a8a08f09d37b73795649038408b5f33 <= yes
Result : Plaintext of 4a8a08f09d37b73795649038408b5f33 is “c”
29. Dictionary
Given the wordlist of common passwords
Example :
Targeted hash : 3858f62230ac3c915f300c664312c63f
dic-crack 3858f62230ac3c915f300c664312c63f -L “path-of-wordlist/wordlist.txt”
searching….
…
fooa <= 72b55c624205d69cc145cc610880e1f9 <= no
foobar <= 3858f62230ac3c915f300c664312c63f <= yes
…
30. Rainbow Tables ? A rainbow table is a lookup table offering a time-memory tradeoff used in recovering the plaintext password from a password hash generated by a hash function, often a cryptographic hash function. A common application is to make attacks against hashed passwords feasible (http://en.wikipedia.org/wiki/Rainbow_tables)
33. Time for the Demo Example : md5_hash.txt (a list of 30 MD5 hashes)
34. Result
D:ashcrack>rcrack d:d5_tables.rt -l md5_hash.txt

md5_alpha#1-7_0_2400x40000000_panggi#000.rt:
640000000 bytes read, disk access time: 9.99 s
verifying the file...
searching for 30 hashes...
plaintext of 20392298d6b78e0890cd22a7bf071c49 is PANGGI
plaintext of c9122fd7bae0681b62a39ddfc1c7fb19 is LOVE
plaintext of 469590a45cc7f985b53d15113157e6ea is MUSTIKA
cryptanalysis time: 377.34 s

md5_alpha-numeric#1-7_0_2400x40000000_panggi#000.rt:
640000000 bytes read, disk access time: 73.13 s
verifying the file...
searching for 27 hashes...
plaintext of 31c9febeeb68929cd6c097239cf3e9d3 is P4ST1
plaintext of d81bf97286c617c77b679478ce8b72b2 is 050479
cryptanalysis time: 102.56 s

md5_alpha-numeric#1-7_0_2400x40000000_panggi#001.rt:
640000000 bytes read, disk access time: 60.70 s
verifying the file...
searching for 25 hashes...
plaintext of 10f97476043d02db1a236b877232c0a6 is 7201421
cryptanalysis time: 28.19 s

md5_alpha-numeric#1-7_0_2400x40000000_panggi#002.rt:
640000000 bytes read, disk access time: 68.28 s
verifying the file...
searching for 24 hashes...
cryptanalysis time: 28.24 s

md5_alpha-numeric#1-7_0_2400x40000000_panggi#003.rt:
640000000 bytes read, disk access time: 67.72 s
verifying the file...
searching for 24 hashes...
cryptanalysis time: 27.81 s
35. md5_loweralpha#1-7_0_2100x8000000_panggi.rt:
128000000 bytes read, disk access time: 36.22 s
verifying the file...
searching for 24 hashes...
plaintext of d1cbedff31b828ac2f15548357988073 is nashien
plaintext of c94630fe9dea660ba53ddf5d3a41e802 is herc
plaintext of 73e405227c02a626e66f0dc4dd3a53a3 is hayati
cryptanalysis time: 79.63 s

md5_loweralpha#1-7_1_2100x8000000_panggi.rt:
128000000 bytes read, disk access time: 2.86 s
verifying the file...
searching for 21 hashes...
plaintext of 2e19ab163556288cf239f5339927e408 is nunung
plaintext of dcb76da384ae3028d6aa9b2ebcea01c9 is sayang
cryptanalysis time: 73.33 s

md5_loweralpha#1-7_2_2100x8000000_panggi.rt:
128000000 bytes read, disk access time: 9.56 s
verifying the file...
searching for 19 hashes...
cryptanalysis time: 69.08 s

md5_loweralpha#1-7_3_2100x8000000_panggi.rt:
128000000 bytes read, disk access time: 2.45 s
verifying the file...
searching for 19 hashes...
cryptanalysis time: 69.38 s

md5_loweralpha#1-7_4_2100x8000000_panggi.rt:
128000000 bytes read, disk access time: 12.00 s
verifying the file...
searching for 19 hashes...
cryptanalysis time: 69.20 s

md5_loweralpha-numeric#1-7_0_2400x40000000_panggi#000.rt:
640000000 bytes read, disk access time: 17.91 s
verifying the file...
searching for 19 hashes...
plaintext of 3fde6bb0541387e4ebdadf7c2ff31123 is 1q2w3e
cryptanalysis time: 75.73 s

md5_loweralpha-numeric#1-7_0_2400x40000000_panggi#001.rt:
640000000 bytes read, disk access time: 14.73 s
verifying the file...
searching for 18 hashes...
plaintext of 26f803e714f7d39c0b5a9dd67d03f887 is 8u7y6t
cryptanalysis time: 21.09 s
36. md5_loweralpha-numeric#1-7_0_2400x40000000_panggi#002.rt:
640000000 bytes read, disk access time: 13.91 s
verifying the file...
searching for 17 hashes...
cryptanalysis time: 20.03 s

md5_loweralpha-numeric#1-7_0_2400x40000000_panggi#003.rt:
640000000 bytes read, disk access time: 14.20 s
verifying the file...
searching for 17 hashes...
plaintext of 9486f7a4fdf724cf6cacbdc103661fce is metty77
cryptanalysis time: 19.31 s

md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#000.rt:
640000000 bytes read, disk access time: 14.41 s
verifying the file...
searching for 16 hashes...
plaintext of 9ac17fc47347d505c92e3ca31fee675d is 4Dm1n
plaintext of b65a81125dbfaab4a3ecdff26a979309 is Pa55
plaintext of d695f8f703c1b3b0dce9d588a4d4abad is UN1k0M
plaintext of 75003783871e9404cd0793ca81594841 is G0D$
plaintext of 464b59d944c93b6a5eb3dfd0abf15114 is c(%H2n
plaintext of d740ee7f1cd46b3d536a6f4331a4c77f is *$^#&3
plaintext of 13781c244d5bb85a296bcbe4ac7992f7 is h@xX0r
cryptanalysis time: 33.47 s

md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#001.rt:
640000000 bytes read, disk access time: 12.95 s
verifying the file...
searching for 9 hashes...
plaintext of 0248750eb423b999bd684b10668f7241 is iMoeTh
plaintext of e63d33d7ad4b4360f761634de070a860 is w_Bu5H
plaintext of 4e3d682f0821b23f6d49fa1ac2cf154a is R@54In
cryptanalysis time: 3.86 s

md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#002.rt:
640000000 bytes read, disk access time: 12.92 s
verifying the file...
searching for 6 hashes...
plaintext of 78c5d5ed7ea4372435e9f006b29ea745 is !Q@W#E
plaintext of a9684b0defabebc108720fda1627f43d is 1!q^YW
cryptanalysis time: 2.36 s
37. md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#003.rt:
640000000 bytes read, disk access time: 18.03 s
verifying the file...
searching for 4 hashes...
plaintext of 86acaeb6d0f7241ea54b73528fa204ca is 5TR0n6
cryptanalysis time: 1.78 s

md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#004.rt:
640000000 bytes read, disk access time: 12.38 s
verifying the file...
searching for 3 hashes...
cryptanalysis time: 1.38 s

md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#005.rt:
640000000 bytes read, disk access time: 12.41 s
verifying the file...
searching for 3 hashes...
plaintext of b150e73aa5fc110c27320c98effcc0f1 is p@N66i
cryptanalysis time: 1.38 s

md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#006.rt:
640000000 bytes read, disk access time: 12.44 s
verifying the file...
searching for 2 hashes...
cryptanalysis time: 0.94 s

md5_numeric#1-9_0_3000x3000000_panggi#000.rt:
48000000 bytes read, disk access time: 0.72 s
verifying the file...
searching for 2 hashes...
plaintext of bcdc908a16dbfe1297b4b0891ccf9ed7 is 29041987
plaintext of 7279f67e313cc35e518f94c775a42196 is 776284123
cryptanalysis time: 23.86 s

statistics
-------------------------------------------------------
plaintext found: 30 of 30 (100.00%)
total disk access time: 499.91 s
total cryptanalysis time: 1129.94 s
total chain walk step: 453610884
total false alarm: 853120
total chain walk step due to false alarm: 675710917
39. Mr. @ialexs’s request (pass : maLam1)
K:ainbowashcrack>rcrack k:ainbowd5_tablesd5_mixalpha-numeric*.rt -h 7d62eaa2e2a3da203573dc408d31cd0d

md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#000.rt:
640000000 bytes read, disk access time: 40.91 s
verifying the file...
searching for 1 hash...
cryptanalysis time: 3.41 s

md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#001.rt:
640000000 bytes read, disk access time: 45.14 s
verifying the file...
searching for 1 hash...
cryptanalysis time: 0.45 s

md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#002.rt:
640000000 bytes read, disk access time: 47.19 s
verifying the file...
searching for 1 hash...
cryptanalysis time: 0.47 s

md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#003.rt:
640000000 bytes read, disk access time: 45.22 s
verifying the file...
searching for 1 hash...
cryptanalysis time: 0.44 s
40. md5_mixalpha-numeric-symbol14-space#1-6_0_2400x40000000_panggi#004.rt:
640000000 bytes read, disk access time: 46.28 s
verifying the file...
searching for 1 hash...
plaintext of 7d62eaa2e2a3da203573dc408d31cd0d is maLam1
cryptanalysis time: 0.22 s

statistics
-------------------------------------------------------
plaintext found: 1 of 1 (100.00%)
total disk access time: 224.73 s
See the time..
total cryptanalysis time: 4.98 s
total chain walk step: 2876401
total false alarm: 2252
total chain walk step due to false alarm: 1882084

result
-------------------------------------------------------
7d62eaa2e2a3da203573dc408d31cd0d maLam1 hex:6d614c616d31

K:ainbowashcrack>
41. Windows Password (LM)
Dump it first
K:wdump7>PwDump7.exe > pass_win.txt
Pwdump v7.1 - raw password extractor
Author: Andres Tarasco Acuna
url: http://www.514.es
K:wdump7>
42. pass_win.txt ( $ sign is censored by me )
Administrator:500:NO PASSWORD*********************:95C735766$$$$$$$$EAC22EC$$$$18CF:::
Guest:501:NO PASSWORD*********************:NO PASSWORD*********************:::
__vmware_user__:1011:NO PASSWORD*********************:2E4D88$$$$$$$$$$$$701F71FD7F63B9:::
apache2triad:1013:A215FD4C479AAEC8$$$$$$$$$$465971:6B93A1E44490938$$$$$$$$$$E4C4D63:::
okay:1014:3EABC00C9F7B74B09A0F5D12D8F612D0:34976BC196DADD52A6D02AE530F806C3:::
HelpAssistant:1015:F681E43E4269$$$$$$3D27C551$$$$$$:32EB$$$$$$159997D$$$$$$1EC24BA2A:::
percobaan:1016:3EABC00C9F7B74B09A0F5D12D8F612D0:34976BC196DADD52A6D02AE530F806C3:::
crack it
44. How to secure it ?
MD5
Use salted password ( not naked )
Example :

    <?php
    // Iterated salted hash: each round prepends the salt before SHA-512,
    // then appends it before MD5.
    function enchsetenev($toencode, $times) {
        $salt = 's+(_a*';
        for ($zo = 0; $zo < $times; $zo = $zo + 1) {
            $toencode = hash('sha512', $salt.$toencode);
            $toencode = md5($toencode.$salt);
        }
        return $toencode;
    }
    ?>

how to use it ? simply..

    <?php
    $password = "this password is super ultra mega secure and no one would decrypt it for atleast 10 years.. or even alot more :)";
    $supersecurepassword = enchsetenev($password, 1000);
    ?>