Weakpass - defcon russia 23

http://defcon-russia.ru

Published in: Technology

  • Slide with comparison data relative to everything else
  • Who is needed?

    1. W3@|cP@$s passwords, passwords never changes
       09/07/2015, DCG #7812, by @w34kp455
    2. What is it? Defcon Russia (DCG #7812)
    3. What is it?
       1) Need more p@s$W0rdS
       2) Dictionary bruteforce
       3) Ultimate dictionary
          – Duplicate removal
       4) All in one place
    4. What is it?
       Too many dictionaries
       Too little time
    5. Features
       • Source and alt. links (+ drive/dropbox/mega)
       • Password count
       • Size
       • Recovery rate
         – Recovery rate to size
       • Some samples (for better understanding)
    6. Passpal?
       Charset frequency, sorted by count, full table
       +------------------------------+-------+-----------+---------------------+
       | Charset                      | Count | Of total  | Count/keyspace      |
       +------------------------------+-------+-----------+---------------------+
       | lower-upper-numeric-symbolic | 24278 | 99.9547 % | 255.55789473684212  |
       | lower-upper-numeric          | 24228 | 99.7489 % | 390.7741935483871   |
       | lower-numeric-symbolic       | 23579 | 97.0769 % | 341.72463768115944  |
       | lower-numeric                | 23537 | 96.9039 % | 653.8055555555555   |
       | lower-upper-symbolic         |  4864 | 20.0255 % | 57.22352941176471   |
       | lower-upper                  |  4835 | 19.9061 % | 92.98076923076923   |
       | lower-symbolic               |  4652 | 19.1527 % | 78.84745762711864   |
       | lower                        |  4624 | 19.0374 % | 177.84615384615384  |
       | upper-numeric-symbolic       |  1148 |  4.7264 % | 16.63768115942029   |
       | upper-numeric                |  1139 |  4.6894 % | 31.63888888888889   |
       | numeric-symbolic             |  1107 |  4.5576 % | 25.74418604651163   |
       | numeric                      |  1099 |  4.5247 % | 109.9               |
       | upper-symbolic               |    20 |  0.0823 % | 0.3389830508474576  |
       | upper                        |    12 |  0.0494 % | 0.46153846153846156 |
       | symbolic                     |     8 |  0.0329 % | 0.24242424242424243 |
       +------------------------------+-------+-----------+---------------------+

       +--------+-------+-----------+
       | Length | Count | Of total  |
       +--------+-------+-----------+
       |      0 |     6 |  0.0247 % |
       |      1 |     8 |  0.0329 % |
       |      2 |     1 |  0.0041 % |
       |      3 |     9 |  0.0371 % |
       |      4 |   229 |  0.9428 % |
       |      5 |   376 |   1.548 % |
       |      6 |  2116 |  8.7118 % |
       |      7 |  1550 |  6.3815 % |
       |      8 | 17944 | 73.8771 % |
       |      9 |  1044 |  4.2982 % |
       |     10 |   589 |   2.425 % |
       |     11 |   241 |  0.9922 % |
       |     12 |   105 |  0.4323 % |
       |     13 |    44 |  0.1812 % |
       |     14 |    12 |  0.0494 % |
       |     15 |    13 |  0.0535 % |
       |     16 |     2 |  0.0082 % |
       +--------+-------+-----------+

       https://digi.ninja/projects/pipal.php
       http://thepasswordproject.com/passpal
    7. Passpal? (same charset frequency and length tables as slide 6)
    8. Features
       Passwords:
       • Digits?
       • Lowercase chars?
       • …
       • Some kind of profit
       Also:
       1) Count
       2) % of total count
    9. Features
    10. Features
    11. Features
    12. Rates
    13. Rates
    14. Spec. lists
    15. Results!
       • ~3.5 billion passwords (5 – 32 symbols)
       • Wi-Fi spec. dictionary (8 – 32)
       • ~5 TB downloaded (some kind of win)
       • In most cases everything can be cracked!
    16. FIALS!
       1) Toooo big
          – 40 gigs? Really?
          – Hard to get (no torrent yet)
       2) Junk dictionaries
          – Too slow with complex rules
            • But still rulez
    17. Bicycles
       Trade-off is everything!
       • CPU
       • MEM
       • HD
       • …
       • Only 3.5!
    18. Future?
       1) Junk removal
       2) Smaller and tougher
       3) Rules for dictionaries (spec. lists)
       4) Online `hash` check
       5) Hashcat masks
          – Even more info
    19. Passwords! Need More!
    20. Psbdmp
    21. What?
    22. What?
       1) Collect dumps, leaks from different resources
       2) Fully automatic
       3) Own bot(s) with bugs and vulnerabilities
       So what was it and what is it now?
    23. History
       Pastebin.com only
       • Full access to dumps
       • Dull bot
       • Moderation (
       • Search?
       Purpose: passwords!
    24. Result
    25. History
       1) Registration!
       2) Updated bot(s)! (fewer FP)
       3) Added description: GAMES, site, pron, etc.
       4) Email for abuse
       5) Daily data
       6) Twitter informing!
    26. History
    27. Result
    28. Result
    29. History
       • More bots!
       • No access before registration!
       • Search!
       • Added new bots (pastebin.ca, tinypaste.com)
    30. Now
       1) Subscriptions
       2) Moderation
       3) Search
       4) Free
    31. Dumps
    32. Dumps
    33. Same?*
    34. Features!
    35. End?
       w3akpass@yahoo.com (lol)
       https://twitter.com/w34kp455
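
The charset and length tables on slides 6 and 7 can be reproduced for any password list, for example one recovered during an internal password audit, to see how far real choices sit from the intended policy. This is an added example, not code from the talk or from passpal/pipal; the class sizes (26/26/10/33) are inferred from the slide's Count/keyspace column, and the sample list and the treatment of empty passwords are assumptions.

```python
import string
from collections import Counter
from itertools import combinations

# Class sizes inferred from the slide's Count/keyspace column
# (4624 / 177.846... = 26 for "lower", 8 / 0.2424... = 33 for "symbolic").
CLASSES = {
    "lower": set(string.ascii_lowercase),       # 26
    "upper": set(string.ascii_uppercase),       # 26
    "numeric": set(string.digits),              # 10
    "symbolic": set(string.punctuation + " "),  # 32 + space = 33
}


def charset_table(passwords):
    """Rows of (charset, count, percent_of_total, count_per_keyspace).

    A password counts for a charset when every character falls inside it,
    so rows are cumulative, as on the slide. Assumption: empty passwords
    match no charset.
    """
    total = len(passwords)
    rows = []
    for r in range(1, len(CLASSES) + 1):
        for combo in combinations(CLASSES, r):
            allowed = set().union(*(CLASSES[c] for c in combo))
            count = sum(1 for p in passwords if p and set(p) <= allowed)
            rows.append(("-".join(combo), count,
                         round(100 * count / total, 4), count / len(allowed)))
    return sorted(rows, key=lambda row: row[1], reverse=True)


def length_table(passwords):
    """Rows of (length, count, percent_of_total), shortest first."""
    total = len(passwords)
    hist = Counter(len(p) for p in passwords)
    return [(n, c, round(100 * c / total, 4)) for n, c in sorted(hist.items())]


# Constructed sample, not data from the talk; the 7th entry is Cyrillic + "15".
SAMPLE = ["password", "12345678", "Summer15", "qwerty12", "P@ssw0rd",
          "letmein", "\u043f\u0430\u0440\u043e\u043b\u044c15", ""]

if __name__ == "__main__":
    for name, count, pct, per_key in charset_table(SAMPLE):
        print(f"{name:30} {count:3} {pct:8.4f} % {per_key:.4f}")
    for length, count, pct in length_table(SAMPLE):
        print(f"{length:2} {count:3} {pct:8.4f} %")
```

A large gap between the total and the top row's count, as with the Cyrillic and empty entries here, points at passwords outside printable ASCII or at blank values worth checking separately.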
