Friday, March 23, 2007

spinnoffs, volume one or "size DOES matter"


We're currently working on some small serversniff-spinoffs. Very focussed microsites with limited functionality. The first to be launched a few days ago was www.hashcrack.com, a site dedicated to reverse-lookups for several hashtypes.

We know quite a lot of hash-crackers and reverse-lookup-sites - but none of them was the thing we really wanted. Most of them have a limited count of hashes - the biggest we found were >200.000.000 words. There are a few bigger ones supporting crackers like john the ripper or rainbow-tables.

But almost all are limited to MD5-Lookups. Hey guys, it's 2007 and we do it-security. Occasionally i need to reverse other unsalted hashes: MySQL, SHA1 or plain old Windows, be it NTLM or LanMananger. Computingpower and harddrives are cheap - so were working on the ultimate site for database-driven hashlookus, supporting
  • MD5
  • SHA1
  • LanManager
  • NTLM
  • MySQL 3
  • MySQL 4
We were looking for wordlists. We gathered what we could get hold of, threw it together and did a little sorting. We ended up with 250MB of plaintext. We used john the ripper to create a list with all possible character-combinations for 1-4 chars length. Another 410 MB plaintext. I did want more, so i downloaded almost all wikipedia-databases, threw them together in a huge textfile, sorted out very long and very short strings, sorted out some wiki-formatting, sorted out all the millions of dupes and ended up with a gzipped file with a size of 202 MB that we simply call the mother of all wordlists. We're in the process of importing all three lists into our hash database.
Hashcrack.com currently lists 11.000.000 Words with ~ 65.000.000 Hashes on a (nearly) static database for we needed some data to experiment with. When we're finished with creating all those hashes we'll simply upgrade hashcrack.com to far more than 1.000.000.000 known hashes, hoping that it'll be of any use.
We welcome any opinions, comments and listings of your favourite reverse-lookup-sites.

tom

1 comment:

voyance gratuite par mail rapide said...

Thanks for share this information with us, I always come across this amazing post.