Weakpass - defcon russia 23

http://defcon-russia.ru


  1. W3@|cP@$s: passwords, passwords never changes. 09/07/2015, DCG #7812, by @w34kp455
  2. What is it? Defcon Russia (DCG #7812)
  3. What is it?
     1) Need more p@s$W0rdS
     2) Dictionary bruteforce
     3) Ultimate dictionary
        – Duplicates remove
     4) All in one place
  4. What is it?
     Too many dictionaries
     Too little time
  5. Features
     • Source and Alt. links (+ drive/dropbox/mega)
     • Passwords count
     • Size
     • Recovery rate
       – Recovery rate to size
     • Some samples (for better understanding)
  6. Passpal?

     Charset frequency, sorted by count, full table

     +------------------------------------------------------------------------+
     | Charset                      | Count | Of total  | Count/keyspace      |
     +------------------------------------------------------------------------+
     | lower-upper-numeric-symbolic | 24278 | 99.9547 % | 255.55789473684212  |
     | lower-upper-numeric          | 24228 | 99.7489 % | 390.7741935483871   |
     | lower-numeric-symbolic       | 23579 | 97.0769 % | 341.72463768115944  |
     | lower-numeric                | 23537 | 96.9039 % | 653.8055555555555   |
     | lower-upper-symbolic         | 4864  | 20.0255 % | 57.22352941176471   |
     | lower-upper                  | 4835  | 19.9061 % | 92.98076923076923   |
     | lower-symbolic               | 4652  | 19.1527 % | 78.84745762711864   |
     | lower                        | 4624  | 19.0374 % | 177.84615384615384  |
     | upper-numeric-symbolic       | 1148  | 4.7264 %  | 16.63768115942029   |
     | upper-numeric                | 1139  | 4.6894 %  | 31.63888888888889   |
     | numeric-symbolic             | 1107  | 4.5576 %  | 25.74418604651163   |
     | numeric                      | 1099  | 4.5247 %  | 109.9               |
     | upper-symbolic               | 20    | 0.0823 %  | 0.3389830508474576  |
     | upper                        | 12    | 0.0494 %  | 0.46153846153846156 |
     | symbolic                     | 8     | 0.0329 %  | 0.24242424242424243 |
     +------------------------------------------------------------------------+

     +----------------------------+
     | Length | Count | Of total  |
     +----------------------------+
     | 0      | 6     | 0.0247 %  |
     | 1      | 8     | 0.0329 %  |
     | 2      | 1     | 0.0041 %  |
     | 3      | 9     | 0.0371 %  |
     | 4      | 229   | 0.9428 %  |
     | 5      | 376   | 1.548 %   |
     | 6      | 2116  | 8.7118 %  |
     | 7      | 1550  | 6.3815 %  |
     | 8      | 17944 | 73.8771 % |
     | 9      | 1044  | 4.2982 %  |
     | 10     | 589   | 2.425 %   |
     | 11     | 241   | 0.9922 %  |
     | 12     | 105   | 0.4323 %  |
     | 13     | 44    | 0.1812 %  |
     | 14     | 12    | 0.0494 %  |
     | 15     | 13    | 0.0535 %  |
     | 16     | 2     | 0.0082 %  |
     +----------------------------+

     https://digi.ninja/projects/pipal.php
     http://thepasswordproject.com/passpal
  8. Features
     Passwords:
     • digits?
     • Lowercase chars?
     • …
     • Some kind of profit
     Also
     1) Count
     2) % from total count
  9. Features
  10. Features
  11. Features
  12. Rates
  13. Rates
  14. Spec. lists
  15. Results!
      • ~3.5 billion passwords (5 – 32 symbols)
      • Wi-Fi spec. dictionary (8 – 32)
      • ~5TB downloaded (some kind of win)
      • In most cases everything can be cracked!
  16. FIALS!
      1) Toooo big
         – 40 gigs? Really?
         – Hard to get (no torrent yet)
      2) Junk dictionaries
         – Too slow with complex rules
           • But still rulez
  17. Bicycles
      Trade-off is everything!
      • CPU
      • MEM
      • HD
      • …
      • Only 3.5!
  18. Future?
      1) Junk remove
      2) Smaller and tougher
      3) Rules for dictionaries (spec. lists)
      4) Online `hash` check
      5) Hashcat masks
         – Even more info
  19. Passwords! Need More!
  20. Psbdmp
  21. What?
  22. What?
      1) Collect dumps, leaks from different resources
      2) Fully automatic
      3) Own bot(s) with bugs and vulnerabilities
      So what was it, and what is it now?
  23. History
      Pastebin.com only
      • Full access to dumps
      • Dull bot
      • Moderation (
      • Search?
      Purpose: passwords!
  24. Result
  25. History
      1) Registration!
      2) Updated bot(s)! (less FP)
      3) Added description: GAMES, site, pron, etc.
      4) Email for abuses.
      5) Daily data
      6) Twitter informing!
  26. History
  27. Result
  28. Result
  29. History
      • More bots!
      • No access before registration!
      • Search!
      • Added new bots (pastebin.ca, tinypaste.com)
  30. Now
      1) Subscriptions
      2) Moderation
      3) Search
      4) Free
  31. Dumps
  32. Dumps
  33. Same?*
  34. Features!
  35. End?
      w3akpass@yahoo.com (lol)
      https://twitter.com/w34kp455
