"Inveniam viam aut faciam" : I will either find a way, or I shall make one

Adeptus-Mechanicus - BlogMe


Hash Monitoring Setup

I like working on cracking password hashes, but nice big data sets don’t come along often (good news, bad news), while lots of smaller dumps do happen (again.. good news/bad news). Most of these dumps are put on sites like pastebin, and to help people stay up to date there are monitoring bots that notify you if something is found. The best of these even notify folks via Twitter (for example, @pastebindorks, @dumpmon etc). This is very useful and very helpful, but it does mean you need to monitor the accounts. And since some of these paste sites have taken to removing these dumps, you need to act quickly. This causes problems for all of us unable to monitor our Twitter feeds 24×7. But in the normal spirit of the security-minded community (“I will replace you with a small shell script”), the folks at TekDefense have created a Python (not quite shell) script to monitor certain Twitter accounts and parse through the links provided to download and store the hashes.
Address : <http://www.adeptus-mechanicus.com/codex/hashmon/hashmon.php>

Published by erich, on September 15th, 2013 at 3:29 am. Filed under: General. 2 Comments

Hashdumps and Password – Update

25-Aug-2013: Some progress across all lists. Thanks to Grant Willcox (@tekwizz123) specifically for contributions to “Walla” and “Casio” cracking and for pointing a bunch of us (@jmgosney @drb0n3z @CrackTheHash @hacktalkblog @rubenthijssen and others) to a stack of past dumps. Given the number of small dumps, I now add anything with fewer than 10,000 hashes to a “misc” list with a note, if possible, of the source. So I have added “DamnSmallLinux”, “Dhool”, “Gaming”, “FFGBeach”, “Battlefield” and “Misc-2013-MD5”.
Address : <http://www.adeptus-mechanicus.com/codex/hashpass/hashpass.php>

Published by erich, on August 25th, 2013 at 9:31 pm. Filed under: General. No Comments

1,2,3 CHROOT JAIL

With the advent of Red Hat finally moving into the 21st century, we are finally able to create a chroot SFTP server without modified packages. A chroot SFTP server is an SFTP server with a locked-down home directory that prevents untrusted users from fiddling with the underlying operating system. A typical scenario where one would use this is a secure upload and drop-off point for acquiring larger files from untrusted third parties.
Address : <http://www.adeptus-mechanicus.com/codex/contrib/nm-123ch/nm-123ch.php>

Published by nic, on August 18th, 2013 at 11:37 pm. Filed under: General. No Comments

Metasploitable Model Answer

Previously we went through setting up an attack and a target virtual machine (see here), with the target machine being ‘metasploitable’. This target was developed to help people use metasploit, so let's see how much we can do using that tool.

Address : <http://www.adeptus-mechanicus.com/codex/metamod/metamod.php>

Published by erich, on June 9th, 2013 at 1:37 am. Filed under: General. No Comments

Metasploitable using Virtualbox with CLI

Having the ability to target a machine without going to jail is a good thing. There are lots of these types of setups available, but one of the more well-known is the ‘metasploitable’ setup. It is a great way to get to know your way around metasploit and practice some basic methods. More importantly, it is made to be run as a virtual machine. So what I am going to go through now is how to set up an ‘attack’ machine (kali) and a ‘target’ machine using virtualbox and the command line (why the command line? well, just because really).

Address : <http://www.adeptus-mechanicus.com/codex/msfable/msfable.php>

Published by erich, on May 27th, 2013 at 3:00 am. Filed under: General. No Comments

Friday Spam – too many cartoons

It is sometimes strange how your mind links thoughts together. Normally, browsing the morass that is my email box, it goes something like “spam….spam….spam….ham…spam”….and so on. But when I saw this:

The first thing I thought of was this..

http://a1.mzstatic.com/us/r30/Publication/v4/06/a4/a7/06a4a762-6025-78f3-0665-861f7d170388/DE_Say_Ahhh_Dora_Goes_to_the_Doctor_thumb.225x225-75.jpg

..and “What has Swiper done now?”. Yes, I have watched too many cartoons with my ‘zergling’ 🙂 So thank you spammer james@brajeshastro.com for my Friday laugh.

Published by erich, on May 17th, 2013 at 1:35 pm. Filed under: General. No Comments

FFGBEACH = HEAD+DESK or FANTASYFASHIONGAME.COM FAIL

Let me start by saying I was not sure about writing this particular article, but after some serious thought I figured not doing so would be doing more harm than doing it. This article is a documentation of a tragedy of errors that shows how bad things can be, the lies a company can tell and just general stupidity (I make no apologies for using that term by the way). Before we start, all screenshots I show come from the last 2 days. This is important as you will see…
Address : <http://www.adeptus-mechanicus.com/codex/ffsffg/ffsffg.php>

Published by erich, on May 10th, 2013 at 5:51 pm. Filed under: General. No Comments

Hashdumps and Passwords

05-Apr-2013: Added “Project Hellfire”, “Project Whitefox”, “InfoSecWest 2012” and “InsidePro 2012” for 2012. Added “Project Sunrise”, “Walla”, “Casio.cn” and “ABC” for 2013. Some progress across all lists. I have also been asked to compress the dic and hash files so that is done.
Address : <http://www.adeptus-mechanicus.com/codex/hashpass/hashpass.php>

Published by erich, on April 7th, 2013 at 10:51 pm. Filed under: General. No Comments

Update: John the Ripper and Hashcat – Markov mode comparison – “Take 2”

UPDATE (4-Feb-2013): After I first put this up, I got some comments that I had not tested the situation where the passwords used in the training dataset were no longer in the hashlist. This is an extremely valid comment as this is the normal usage of the Markov mode – you use what you have to find more. So I have added in these tests at the bottom of the page. Take a look, the results are still interesting.
Address : <http://www.adeptus-mechanicus.com/codex/markov2/markov2.php>

Published by erich, on February 5th, 2013 at 3:28 am. Filed under: General. No Comments

John the Ripper and Hashcat – Markov mode comparison – “Take 2”

Recently I did a test on how the Markov mode implementation worked between my two favourite cracking tools, John the Ripper (JTR) and Hashcat (see here). At that time, JTR seemed to be the one finding the most passwords and relevant common words. After that, “atom”, the brains behind hashcat, was kind enough to allow me to run his updated version of the hashcat Markov utility and see how it performed. The results are below, and they are something. I used the same training data and hash list as previously to make the test results as fair as possible.
Address : <http://www.adeptus-mechanicus.com/codex/markov2/markov2.php>

Published by erich, on February 3rd, 2013 at 4:23 am. Filed under: General. No Comments