Weakpass - defcon russia 23

W3@|cP@$s
passwords, passwords never
changes
09/07/2015
DCG #7812
by
@w34kp455

What is it?
Defcon Russia (DCG #7812) 2

What is it?
1) Need more p@s$W0rdS
2) Dictionary bruteforce
3) Ultimate dictionary
– Duplicates remove
4) All in one place

What is it?
Too many dictionaries
Too little time

Features
• Source and Alt. links (+
drive/dropbox/mega)
• Passwords count
• Size
• Recovery rate
– Recovery rate to size
• Some samples ( for better
understanding)

Passpal?
Charset frequency, sorted by count, full table
+------------------------------------------------------------------------+
| Charset | Count | Of total | Count/keyspace |
+------------------------------------------------------------------------+
| lower-upper-numeric-symbolic | 24278 | 99.9547 % | 255.55789473684212 |
| lower-upper-numeric | 24228 | 99.7489 % | 390.7741935483871 |
| lower-numeric-symbolic | 23579 | 97.0769 % | 341.72463768115944 |
| lower-numeric | 23537 | 96.9039 % | 653.8055555555555 |
| lower-upper-symbolic | 4864 | 20.0255 % | 57.22352941176471 |
| lower-upper | 4835 | 19.9061 % | 92.98076923076923 |
| lower-symbolic | 4652 | 19.1527 % | 78.84745762711864 |
| lower | 4624 | 19.0374 % | 177.84615384615384 |
| upper-numeric-symbolic | 1148 | 4.7264 % | 16.63768115942029 |
| upper-numeric | 1139 | 4.6894 % | 31.63888888888889 |
| numeric-symbolic | 1107 | 4.5576 % | 25.74418604651163 |
| numeric | 1099 | 4.5247 % | 109.9 |
| upper-symbolic | 20 | 0.0823 % | 0.3389830508474576 |
| upper | 12 | 0.0494 % | 0.46153846153846156 |
| symbolic | 8 | 0.0329 % | 0.24242424242424243 |
+------------------------------------------------------------------------+
+----------------------------+
| Length | Count | Of total |
+----------------------------+
| 0 | 6 | 0.0247 % |
| 1 | 8 | 0.0329 % |
| 2 | 1 | 0.0041 % |
| 3 | 9 | 0.0371 % |
| 4 | 229 | 0.9428 % |
| 5 | 376 | 1.548 % |
| 6 | 2116 | 8.7118 % |
| 7 | 1550 | 6.3815 % |
| 8 | 17944 | 73.8771 % |
| 9 | 1044 | 4.2982 % |
| 10 | 589 | 2.425 % |
| 11 | 241 | 0.9922 % |
| 12 | 105 | 0.4323 % |
| 13 | 44 | 0.1812 % |
| 14 | 12 | 0.0494 % |
| 15 | 13 | 0.0535 % |
| 16 | 2 | 0.0082 % |
+----------------------------+
https://digi.ninja/projects/pipal.php
http://thepasswordproject.com/passpal

Features
Passwords:
• digits?
• Lowercase chars?
• …
• Some kind of profit
Also
1) Count
2) % from total count

Features

Rates

Spec. lists

Results!
• ~3.5 billions of passwords (5
– 32 symbols)
• Wi-Fi spec. dictionary ( 8 –
32)
• ~ 5TB downloaded (some
kind of win)
• In most cases everything can
be cracked!

FIALS!
1) Toooo big
– 40 gigs ? Really?
– Hard to get (no
torrent yet)
2) Junk dictionaries
– Too slow with
complex rules
• But still rulez

Bicycles
Trade-off is everything!
• CPU
• MEM
• HD
• …
• Only 3.5!

Future?
1) Junk remove
2) Smaller and tougher
3) Rules for dictionaries (spec. lists)
4) Online `hash` check
5) Hashcat masks
– Even more info

Passwords! Need More!

Psbdmp

What?

What?
1) Collect dumps, leaks from different resources
2) Fully automatic
3) Own bot(s) with bugs and vulnerabilities
So what is it was and what is it now?

History
Pastebin.com only
• Full access to dumps
• Dull bot
• Moderation (
• Search?
Purpose: passwords!

Result

History
1) Registration!
2) Updated bot(s)! ( less FP )
3) Added description : GAMES, site , pron and etc
4) Email for abuses.
5) Daily data
6) Twitter informing!

History

Result

History
• More bots!
• No access before registration!
• Search!
• Added new bots ( pastebin.ca, tinypaste.com)

Now
1) Subscriptions
2) Moderation
3) Search
4) Free

Dumps

Same?*

Features!

End?
w3akpass@yahoo.com (lol)
https://twitter.com/w34kp455

Weakpass - defcon russia 23

More Related Content

What's hot

More from DefconRussia

Recently uploaded

Weakpass - defcon russia 23

Editor's Notes