Top
Search n00bz.net
  • South Florida Security Resources
    • HackMiami.org
      HackMiami is made up of information security professionals, hardware engineers, network administrators, students, and those who simply enjoy technology.
    • South Florida ISSA
      The Information Systems Security Association is, "the pre-eminent trusted global information security community".
  • PenTest Solutions
    • Rapid7 Metasploit Express
      Metasploit Express is an affordable, easy-to-use penetration testing solution that provides full network penetration testing capabilities, backed by the world’s largest, fully tested and integrated public database of exploits.
    • Core Impact PRO
      Core Impact is designed to evaluate the whole of the security in an office ecosystem. It allows the user to probe for and exploit security vulnerabilities in computer networks, endpoints and web applications.
« Watch the Olympics without the stink of NBC | Main | Opening a Beer aka How I became an Apple fan! »
Tuesday
Jun122012

Lessons in LinkedIn Password Cracking

DateTuesday, June 12, 2012 at 10:17AM

So this past week the password cracking community had some excitement.  Several dumps of hashes were leaked.  One of those was LinkedIN.  This caught my eye since most professionals use this social media service.  I am a fan of passwords ever since I met Matt Weir when he presented about the science of password cracking.  One of his talking points was that people can pick anything as passwords but generally follow a pattern.  How many of us have a capital first letter and end with the number 1?  Password1 is technically a strong password in the eyes of Active Directory.

A few months ago, digininja created a tool Pipal which allows analysis of passwords.  This allowed the community a common metric and analysis tool to run the various password dumps.  Using the various data from previous dumps, I was able to fine tune my hashcat rules to be able to crack over half the LinkedIn hashes.  

Lessons Learned

  1. Start with a good dictionary.  KoreLogic has a group of amazing word lists here.  In addition, SkullSecurity has a list of previously cracked passwords and various wordlists which I also added to my master_wordlist.dic.  To make my master_wordlist.dic I would "cat infile >> master_wordlist.dic".  Make sure to use the double >> or else you wipe over the words already in the master_wordlist.dic.
  2. After adding everything to your list, you need to sort and remove the duplicates.  In Windows it is a pain since your list is too big for Excel and Access just plain stinks to use.  Score 1 for Bash! The command "sort master_wordlist.dic | uniq > master_sorted_wordlist.dic" worked perfectly.
  3. Fire up hashcat and crack!  Don't forget to use some rules and masks!  You don't need a GPU but it helps.  One thing I learned was my Dell Laptop has a nVidia card so check your gear.
  4. Now that I have a cracked list in the hash:plaintext format we need to remove the hash part.  Score 2 for Bash! The command "grep -o '[^:]*$' infile > outfile" will remove the hashes leaving you a file with only plaintext passwords.
  5. At this point you can perform a Pipal analysis or you can run your list through hashcat again using the cracked passwords as your new dictionary and apply the rules and masks.

 

 You can find the Pipal Analysis of the LinkedIn dump here.  Happy Cracking!

 

Authorn00bz Network | CommentPost a Comment | Reference1 Reference |
tagged , , , , in , ,

References (1)

References allow you to track sources for this article, as well as articles that were written in response to this article.

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>

Notify me of follow-up comments via email.