Wednesday, June 6, 2012

Cracking the 3.5 Million Password Hashes That Were Redacted

The release of millions of SHA1 hashes from linkedin.com has the internet all buzzing today... but then comes the news that 3.5 million of them have the first 5 characters redacted and replaced with 00000.
Well, if we don't have the entire hash we can't crack them... Oh wait, we still have the remaining 36 characters to do a comparison against.
So let's try this:
First, let's get just the hashes that start with the 00000. Looks like there are 3,521,180.


Now, for each line in our word list (WORDS.txt) let's calculate the SHA1 hash, chop off the first 5 characters, and compare that to our hashes list. If the partial hash is there, echo the password to the screen.
For those that can't see that, the command is:
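# Hash each word, drop the first 5 hex characters, and look for the rest in the masked list
while IFS= read -r i ; do grep -q "$(printf '%s' "$i" | sha1sum | cut -b6-40)" SHA1-0s.txt && echo "$i" ; done < WORDS.txt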



And boom, there are thousands of passwords scrolling down the screen.
Enjoy.
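
The comparison above relies on the 35 hex characters that remain of a 40-character SHA-1 digest once the first 5 are masked, and the comments below ask how much that raises the chance of a false match. The following is an added example, not part of the original post: it computes the expected number of chance matches for the list and dictionary sizes quoted on this page and checks the formula empirically on a much shorter tail. The function names and the constructed `leak-`/`guess-` strings are assumptions made for illustration.

```python
import hashlib

FULL_HEX = 40  # a SHA-1 digest is 40 hex characters

def sha1_tail(word, masked=5):
    """SHA-1 hex digest of `word` without its first `masked` characters."""
    return hashlib.sha1(word.encode("utf-8")).hexdigest()[masked:]

def expected_false_matches(n_hashes, n_guesses, kept_hex):
    """Expected count of guesses whose tail equals the tail of a *different*
    password: each (guess, hash) pair agrees by chance with p = 16**-kept_hex."""
    return n_hashes * n_guesses / 16.0 ** kept_hex

def min_kept_hex(n_hashes, n_guesses, max_expected=1e-6):
    """Fewest trailing hex characters that keep expected false matches below
    `max_expected` for the given list and dictionary sizes."""
    for kept in range(1, FULL_HEX + 1):
        if expected_false_matches(n_hashes, n_guesses, kept) < max_expected:
            return kept
    return None

def measured_false_matches(n_hashes, n_guesses, kept_hex):
    """Empirical check on constructed data: the "leak" and the guesses share no
    password, so every hit is a pure truncation collision."""
    masked = FULL_HEX - kept_hex
    leak = {sha1_tail(f"leak-{i}", masked) for i in range(n_hashes)}
    return sum(sha1_tail(f"guess-{i}", masked) in leak for i in range(n_guesses))

if __name__ == "__main__":
    # Sizes quoted on the page: 3,521,180 masked hashes, 144,456-word list.
    n, m = 3_521_180, 144_456
    print("tail of sha1('password'):", sha1_tail("password"))
    print("expected false matches, 35 chars kept:", expected_false_matches(n, m, 35))
    print("chars needed for < 1e-6 false matches:", min_kept_hex(n, m))
    # Keep only 5 chars to make collisions visible on a small constructed set.
    print("predicted:", expected_false_matches(2000, 20000, 5),
          "measured:", measured_false_matches(2000, 20000, 5))
```

With 35 characters kept, the expected number of chance matches is on the order of 1e-31, so masking 20 bits of each digest gives the leaked hashes no practical protection.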

9 comments:

  1. Nice one! Ignoring (or rather wildcarding) the first couple of chars in a sha1 significantly raises collision probability, doesn't it? I wonder if you ran the script with a mangled WORDS.txt file or even a different dictionary, would you get different results for the same hashes :)

    1. It certainly raises collision probability, but I'm not sure how significant it is. You still have 36 bytes of the hash... 1e4c9b93f3f0682250b6cf8331b7ee68fd8 is still a decent hash. :) Especially for our purposes, a 1 out of a billion collision doesn't really matter.
      The dictionary I used is just a bunch of passwords I've cracked from some of the other public breaches. It's just 144,456 uniques... and was really just to show the concept. You'd do much better with a good dictionary like the g0tmilk list, and with some mangling added.

      ***Also, I wrote this post within a few hours of the hashes being released. They have since released a custom version of hashcat that has an added option (-m 150) that will crack the redacted hashes.
