Cryptohaze.com

There is one place where you can get an edge on all the other GPU crackers. LM algorithm with multi-hash. I have been requesting this all over the place but nobody has a working reliable product. I would not care even if It would use only half of the hash as input like in this example:

hash:E52CAC67419A9A22A401F3598E03E0CF
Decrypted password:PASSWORD!@#$
Input for the cracker would be: E52CAC67419A9A22 and A401F3598E03E0CF.
Output would be E52CAC67419A9A22:PASSWOR and A401F3598E03E0CF:D!@#$

Lastly, to make your product perfect, Multi-GPU support would be great. If you implement this, please include switches that allows selecting or disabling some GPUs (I have that problem with BarsWF cracker). Thanks for the good work.

i hope someone will be so kind to tell me these pass:

Hashes removed, this is NOT A HASH CRACKING HELP FORUM kthxbye.

thank you

It seems to be a very difficult quest to add support for MySQL5 hashes.

rtnewb wrote:It seems to be a very difficult quest to add support for MySQL5 hashes.

Yeah, haven't been doing much dev lately.

I'm working on refactoring the code to use C++ and various factory functions to make adding new hashes much easier. Once I do this, I'll probably set up SVN and document the interfaces, so people can easily add new hash types. I just don't have the time for everything right now.

I'd very much like to see support for salted passwords, especially those in /etc/shadow format. I want to use this tool for professional penetration testing, and throwing customer's hashes into google or some web service is not an option.

For the same reason, rainbow tables (or the possibility to create rainbow tables) of length > 10 would be awesome!

Hashes in /etc/shadow are salted which makes rainbow tables worthless. Also you can't crack multiple hashes at the same time and have it be faster than one at a time if all the salts are unique. Having unique salts is normally the case with the exception of the DES crypt because that only has 12 bits of salt so having more than 64 hashes there's a good chance there's a duplicate salt.

mentat wrote:I'd very much like to see support for salted passwords, especially those in /etc/shadow format. I want to use this tool for professional penetration testing, and throwing customer's hashes into google or some web service is not an option.

For the same reason, rainbow tables (or the possibility to create rainbow tables) of length > 10 would be awesome!

Salted hashes will show up at some point, though as Sc00bz mentions, you don't gain speed with them for the most part.

As far as rainbow tables, NTLM len8 tables will be on the order of a few TB. Going larger for full US charset will get into the range of 10s to 100s of TB - that's not yet feasible to create/sell. Unless I'm selling disk chassis loaded down with a few dozen disks, and then the cost for that setup would be rather absurd.