
Other 10 OMFG


macfarlanet's Avatar
Member
0 0

Ahhhhhh! I used the argon wordlists v1 and v2. I used a full English dictionary wordlist. I used other general dictionary wordlists. I used slang wordlists.

I have now found out what the password is and I simply must say this… How the HELL was that word not in ANY of the dictionaries and wordlists that I used?

Grrrrr… 5 challenge points earned… For something that should have been so easy and yet was insanely hard.

Had or did anyone else encounter as much frustration with this challenge as I did?


ghost's Avatar
0 0

ahhaha unlucky :P I haven't done it yet. But I do need help on it. Any advice?


ghost's Avatar
0 0

Why don't u try jtr? ;)


ghost's Avatar
0 0

I'm at work lol. I'm pretty sure they don't have JTR here or allow me to download it ^^


ghost's Avatar
0 0

lol, :D


ghost's Avatar
0 0

Well, I've got that data tamper but I don't see how that's helping :/ Any tips or help or anything lol?


ghost's Avatar
0 0

wrong thread lol.


macfarlanet's Avatar
Member
0 0

wrong thread lol.

Haha yeah it would appear so.

Yep just use JTR and hope you're lucky enough to get a wordlist that has what you need. Big doesn't necessarily mean good in this case.

As if your workplace doesn't have JTR… shame on them lol


ghost's Avatar
0 0

You don't even need a wordlist for this one, it's easy for a reason. Just save the hash in hash.txt and run:

./john hash.txt

Shouldn't take too long.


ghost's Avatar
0 0

It took me 2 or 3 minutes.


yours31f's Avatar
Retired
10 0

Wow, I finished it in like 30 seconds. And as for it not being in any of those word lists, where exactly did you get those?


spyware's Avatar
Banned
0 0

yours31f wrote: Wow, I finished it in like 30 seconds, And as for it not being in any of those word list, Where exactly did you get those?

Google not good enough for yah, boii?


ghost's Avatar
0 0

macfarlanet wrote: As if your workplace doesn't have JTR… shame on them lol

Lol I know right. Gawd they should be more considerate to me ^_^


ghost's Avatar
0 0

I had a little bit of trouble with this one, but the mil-worm list knocked it out in 3 seconds. :D


macfarlanet's Avatar
Member
0 0

OMG I should have used the milworm list.

How does the milworm list have it but not the 2 Gig Argon list?

I used that and a bunch of other English dictionary lists, I dunno I must have just been really unlucky. As for brute-forcing I had it going for around 2 hours before deciding that that wasn't gonna give me the answer any time soon.


yours31f's Avatar
Retired
10 0

spyware wrote: yours31f wrote: Wow, I finished it in like 30 seconds, And as for it not being in any of those word list, Where exactly did you get those?

Google not good enough for yah, boii?

No, the reason I ask is so that I don't use the same resource to get word lists.


Uber0n's Avatar
Member
0 0

macfarlanet wrote: How does the milworm list have it but not the 2 Gig Argon list?

Did you use a compressed wordlist without extracting it first? xD


macfarlanet's Avatar
Member
0 0

um yeah it was uncompressed lol. The Argon let me down :(


ghost's Avatar
0 0

You should have kept at it, I tried it again bruteforce with jtr (dual core 2.4) and got it in 1:44:00.


ghost's Avatar
0 0

No kidding. I waste hours finding wordlists, download the argon, finally download m****** wordlist, and get it in one second flat? Arrgh!


Dunuin's Avatar
Member
0 0

jjbutler88 wrote: You don't even need a wordlist for this one, it's easy for a reason. Just save the hash in hash.txt and run:

./john hash.txt

Shouldn't take too long.

I've been bruteforcing for 14 hours now with 190.000 c/s and have not cracked the hash yet. Is that normal?


K3174N 420's Avatar
Satan > God
0 0

Dunuin wrote: jjbutler88 wrote: You don't even need a wordlist for this one, it's easy for a reason. Just save the hash in hash.txt and run:

./john hash.txt

Shouldn't take too long.

I've been bruteforcing for 14 hours now with 190.000 c/s and have not cracked the hash yet. Is that normal?

Nope, you're doing something wrong.

It's a dead common word, nothing hard, almost guessable.


spyware's Avatar
Banned
0 0

Bruteforcing is very brute. Try running a dictionary attack first. Much, much more efficient that way.

If you need a good list get The Argon list.


Dunuin's Avatar
Member
0 0

Ok, thx. I have aborted bruteforcing now and started a dictionary attack, which cracked the hash in under 1 second.


4rm4g3dd0n's Avatar
Mad Hatter
0 0

I love resident evil milla is a hotty


yours31f's Avatar
Retired
10 0

4rm4g3dd0n wrote: I love resident evil milla is a hotty

What does this have to do with anything?

And, what wordlist did you use for this one?


4rm4g3dd0n's Avatar
Mad Hatter
0 0

It actually has a lot to do with it. If you have beaten it, think of her sweet ass and the plot of the movie.


ghost's Avatar
0 0

Hey is it possible to use Cain and Able to crack the hash?


ynori7's Avatar
Future Emperor of Earth
0 0

john_the_man42 wrote: Hey is it possible to use Cain and Able to crack the hash?

Unless you're talking about the biblical figures, then yes. Cain and Abel is used to crack hashes.


TommyCat's Avatar
Member
0 0

ynori7 wrote: Unless you're talking about the biblical figures, then yes. Cain and Abel is used to crack hashes.

Cain can't crack DES. For this one you should use JTR (John The Ripper). I have tried bruteforcing it, but after 11 and a half hours, no success:

guesses: 0 time: 0:11:29:20 (3) c/s: 195442 trying: tisCOKET - tisCOKe1

on P4 3.2 Ghz and 1G of ram

During this I also tried a dictionary attack. I've used various wordlists, including TheArgon V1, TheArgon V2, jargon wordlists, language (including 31337 speaking, English, Chinese, Spanish, etc.), technical_dictionary, unix-words, websters, etc.

But still, even if I had 2 instances of JTR running (bruteforcing and dictionary attack), no success. I took a nap leaving the bruteforcer to work.. when I woke up, still no success.

I also made a batch file to run jtr with all the wordlists in a specific folder (I have many wordlists :D)

None of this worked.

The problem was that this word wasn't in any of those wordlists. That's very strange because it's a very common word, especially for us :P

So, what you have to do is:

Just search for another wordlist. Now I'm not going to tell you which one to use because I would spoil everything. I'm just gonna tell you that this list is on a website, near a very comprehensive wordlist. While you're there you can also download the comprehensive one, because I believe that it is of great use, since it contains many well-known lists, including the Argon wordlist, all the dictionaries in JibbaJabber, milw0rm list, and many many others.

So, now, the challenge is to find this list. I don't know if the one who created this challenge knew that the word can only be found there, but if he did, it's a great thing because this challenge made me discover this great wordlist.

In conclusion, this is the final JTR line for this password:

guesses: 1 time: 0:00:00:00 100% c/s: 17702 trying:

it took less than a second.

Oh, and a final piece of advice:

When you have to do off-line password cracking, that is, you have the hash on your system and you're running the cracking on your machine, it is best to run a bruteforcer from the start and leave it running. Only then try dictionary attacks on the hash. This way, if your dictionary attacks don't work, you didn't waste any time because the bruteforcer was already running, and you don't have to start it now, when you have already spent some time on dictionary attacks.

DO NOT do this unless the cracking software is running on your machine (bruteforcing takes a pretty large amount of system resources, so if you're using another system, the sysadmin might notice a strange increase in resource usage). Oh, and for those who will say "but you can tell the cracking software not to use so many resources": if it doesn't use as many resources as it can, it won't be effective at all. Would you crack a pass with 100 c/s? No you wouldn't.. well, not in a few months, years - depending on the password :)

Thank you for reading this, and I hope it helps

oh.. and a little off-topic question.. can JTR only crack passwords up to 8 characters?


stealth-'s Avatar
Ninja Extreme
0 0

TommyCat wrote: oh.. and a little off-topic question.. can JTR only crack passwords up to 8 characters?

No, there is no limit to the password length. However, for most machines the password entropy becomes too much for the machine to crack a password over 8 or 9 characters in a decent amount of time.

As for running the bruteforcer in the background, that makes no difference at all. The bruteforcer is then fighting for resources with the wordlist attacks, which evens out in the end anyways. Afaik, it should be identical time no matter whether or not you ran them parallel, unless JTR only uses a single core/thread.
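
The scheduling question argued in the last two posts (start the brute force first, or run the wordlist first), worked through as an added illustration that is not any poster's code. Only the rate is taken from the JTR status line quoted above; the alphabet sizes, the single-core model and the sample positions are assumptions.

```python
import math

# Added illustration. Only RATE comes from the thread (the c/s figure in the
# JTR status line); alphabet sizes and the single-core model are assumptions.
RATE = 195442  # candidates per second

def keyspace(charset: int, max_len: int) -> int:
    """Candidates of length 1..max_len over an alphabet of `charset` symbols."""
    return sum(charset ** n for n in range(1, max_len + 1))

def exhaust_seconds(charset: int, max_len: int, rate: float = RATE) -> float:
    """Worst-case time to try every candidate at `rate` per second."""
    return keyspace(charset, max_len) / rate

def time_to_find(dict_pos, brute_pos, dict_size, rate=RATE, parallel=False):
    """Seconds until the first hit on ONE core.

    dict_pos  -- 1-based position of the password in the wordlist, or None
    brute_pos -- 1-based position in the brute-force ordering
    parallel  -- True: both jobs share the core (rate/2 each) until the
                 wordlist is exhausted, then brute force gets the full rate
    """
    if not parallel:  # wordlist first, brute force only if it misses
        if dict_pos is not None:
            return dict_pos / rate
        return (dict_size + brute_pos) / rate
    half = rate / 2
    dict_hit = dict_pos / half if dict_pos is not None else math.inf
    dict_done = dict_size / half  # brute force has covered dict_size candidates by then
    if brute_pos <= dict_size:
        brute_hit = brute_pos / half
    else:
        brute_hit = dict_done + (brute_pos - dict_size) / rate
    return min(dict_hit, brute_hit)

if __name__ == "__main__":
    day = 86400
    for name, size in (("lowercase", 26), ("alphanumeric", 62), ("printable", 95)):
        print(f"{name:>12}, up to 8 chars: {exhaust_seconds(size, 8) / day:,.0f} days")
    # Constructed case: a 1,000,000-word list that does NOT contain the password.
    miss = dict(dict_pos=None, brute_pos=10**9, dict_size=10**6)
    print(time_to_find(**miss), time_to_find(**miss, parallel=True))
    # Constructed case: the password is word 500,000 in the list.
    hit = dict(dict_pos=500_000, brute_pos=10**9, dict_size=10**6)
    print(time_to_find(**hit), time_to_find(**hit, parallel=True))
```

In this model a wordlist miss costs the same total time whether the jobs run in parallel or in sequence, while a password that is in the list takes twice as long to find when the core is shared.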