Conversation

Notices

1. Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 24-Jan-2024 04:15:22 JST Foone🏳️‍⚧️

   do you ever think about building a supercomputer cluster to crack NTLM hashes?

   or is that just me?

   • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 24-Jan-2024 04:26:12 JST Foone🏳️‍⚧️

     in reply to

     • ✧✦✶✷Catherine✷✶✦✧

     @whitequark yeah, I'm going to use them eventually. I'm currently hashcatting my way through 8-character, because I can't yet afford to spend 7TB on the 9-character rainbow tables (and I have more CPU power & time than bandwidth, so I'm not using the 8-character rainbow tables)

   • ✧✦✶✷Catherine✷✶✦✧ (whitequark@mastodon.social)'s status on Wednesday, 24-Jan-2024 04:26:13 JST ✧✦✶✷Catherine✷✶✦✧

     in reply to

     @foone rainbow tables are pretty good (but i bet you know about these already)

   • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 24-Jan-2024 04:47:18 JST Foone🏳️‍⚧️

     in reply to

     • ✧✦✶✷Catherine✷✶✦✧
     • Peter Bindels

     @dascandy42 @whitequark god, a system with 7TB of ram is an almost orgasmic idea.
     I once installed windows server 2016 into a ramdisk, and I've been chasing that high ever since

   • Peter Bindels (dascandy42@mastodon.social)'s status on Wednesday, 24-Jan-2024 04:47:19 JST Peter Bindels

     in reply to

     • ✧✦✶✷Catherine✷✶✦✧

     @foone @whitequark 7TB memory, ssd or harddisk?

   • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 24-Jan-2024 05:02:53 JST Foone🏳️‍⚧️

     in reply to

     • ✧✦✶✷Catherine✷✶✦✧
     • immibis
     • Peter Bindels

     @immibis @dascandy42 @whitequark I'm a retrocomputerist. this is from an NT system installed in 1996

   • immibis (immibis@social.immibis.com)'s status on Wednesday, 24-Jan-2024 05:02:55 JST immibis

     in reply to

     • ✧✦✶✷Catherine✷✶✦✧
     • Peter Bindels
     @dascandy42 @foone @whitequark AFAIK rainbow tables can be stored on hard disks. The better question: What kind of ancient design is still vulnerable to rainbow tables?
   • Peter Bindels (dascandy42@mastodon.social)'s status on Wednesday, 24-Jan-2024 05:12:34 JST Peter Bindels

     in reply to

     • ✧✦✶✷Catherine✷✶✦✧
     • immibis

     @foone @immibis @whitequark Didn't that one fold over passwords to fit in 7 chars first?

   • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 24-Jan-2024 05:12:34 JST Foone🏳️‍⚧️

     in reply to

     • ✧✦✶✷Catherine✷✶✦✧
     • immibis
     • Peter Bindels

     @dascandy42 @immibis @whitequark I think that's the LM password. The full NTLM password can be a massive 14 characters.
     (and annoyingly, I can't just use the 7-character passwords, I need the whole version for cracking-reused-passwords reasons)

   • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 24-Jan-2024 06:22:45 JST Foone🏳️‍⚧️

     in reply to

     • kajer

     @kajer cool! I may hit you up about that, I'm waiting to see how many I can crack on my own first

   • kajer (kajer@infosec.exchange)'s status on Wednesday, 24-Jan-2024 06:22:46 JST kajer

     in reply to

     @foone I have a hastopolis server I was using for defcon's "crack me if you can" contest. I have a lot of GPU if you just need brute force.

   • brett (brett@brettiverse.com)'s status on Wednesday, 24-Jan-2024 09:04:00 JST brett

     in reply to
     @foone If you also have access to LM hashes, cracking those and then using `hashcat -a 6 hashes crackedlmpasswords.txt "?a?a?a?a?a?a?a" -i` will let you get 14char random passwords, though for retrocomputing era-passwords you can probably just run through /usr/share/dict/words and get a fair percentage.