Thursday, May 31, 2012

Using twitter to build password cracking wordlist

This is going to be a quick one. We're going to show how to use Twitter to build a word list for cracking passwords.
We'll use John the Ripper, and as a target we'll use the MilitarySingles.com MD5 password hashes that were released by the artist formerly known as lulzsec.

First, let's hack out a quick script that will get relevant tweets for us. And yes, I use a lot of tabs. And I know I can do this cleaner... I'm in a get it done quick mood.
(EDIT: thanks to Supercow1127 and TheShadowFog for pointing out better ways to deal with JSON. See jshon, jsawk, etc).
The script will connect to twitter and get 500 tweets for the term supplied, then barf back all the words from those tweets in a list for us. Next we are going to pass the script some words that might be relevant to our target.

After we sort the list out, we're left with 4400 unique words.

Let's try those words against our hashes and see how many of them are used as passwords. We'll use the --rules option so that it mangles up various permutations of each word.

And here come the passwords... (scrolled off the screen)

So, from our word list of 4400 words, we yielded 1978 passwords. Let me say that again...
FROM OUR WORD LIST OF 4400 WORDS, WE YIELDED 1978 PASSWORDS!

And that's 1978 uniques. The number of accounts we actually cracked with these 1978 passwords is even more than 4400, because many accounts use the same passwords as each other. And with the mangling rules, John tries ~300 mutations of each word in the list (semperfi gives us semperFi, semperfi1, semperfi123, etc.).

This is a very small example of what can be done to generate more relevant password lists using twitter/websites/social media to supply you with the related words. Download john, hash your passwords, build a list of words relevant to your organization, and test the security of your passwords. Heck, we haven't even started talking about GPUs and oclhashcat, but we'll leave that for another time.
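
The same idea can be applied at password-set time, shown here as an added example that is not part of the original post: build a blocklist from text relevant to your organization, undo the common mangling (case, digit and symbol padding, character substitutions), and reject passwords that reduce to a blocklisted word. `SAMPLE_POSTS`, the function names and the substitution tables are constructed for illustration.

```python
import re

# Constructed sample text standing in for posts about the organization's
# domain (not real tweets and not data from the original post).
SAMPLE_POSTS = [
    "Semper Fi to all my brothers, see you at the reunion",
    "Proud #USMC wife, counting days until deployment ends",
    "Infantry life: boots, chow, repeat",
]

# Character substitutions commonly applied by mangling rules, reversed here.
# "1" is ambiguous (i or l), so both readings are tried.
LEET_I = str.maketrans("013457@$!", "oieastasi")
LEET_L = str.maketrans("013457@$!", "oleastasi")


def build_blocklist(posts, min_word=4, min_join=6):
    """Lowercase words from the text, plus joins of adjacent words."""
    words = set()
    for post in posts:
        tokens = [t.lower() for t in re.findall(r"[A-Za-z]+", post)]
        words.update(t for t in tokens if len(t) >= min_word)
        # Joins catch phrases typed as one word: "semper fi" -> "semperfi".
        words.update(a + b for a, b in zip(tokens, tokens[1:])
                     if len(a + b) >= min_join)
    return words


def candidate_bases(password):
    """Forms of the password with common mangling undone."""
    lowered = password.lower()
    # Drop digit/symbol padding at either end (word123, 1word!, word_2012).
    stripped = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered)
    bases = set()
    for form in (lowered, stripped):
        for table in (LEET_I, LEET_L):
            decoded = form.translate(table)
            bases.add(decoded)
            bases.add(re.sub(r"[^a-z]", "", decoded))
    bases.discard("")
    return bases


def matched_bases(password, blocklist):
    """Blocklisted words this password reduces to (empty list if none)."""
    return sorted(candidate_bases(password) & blocklist)


def is_context_derived(password, blocklist):
    return bool(matched_bases(password, blocklist))


if __name__ == "__main__":
    blocklist = build_blocklist(SAMPLE_POSTS)
    for pw in ["semperFi", "semperfi123", "S3mperfi!", "usmc1775",
               "correct horse battery staple"]:
        verdict = "REJECT" if is_context_derived(pw, blocklist) else "ok"
        print(f"{pw!r:32} {verdict} {matched_bases(pw, blocklist)}")
```

The check only catches exact reductions to a blocklisted word; it complements, rather than replaces, a length requirement and a general breached-password list.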

Until next time, if you're going to hack, hack effectively.



And props to Kevin Young. Thanks for all the lengthy discussions about password security. I truly enjoy picking your brain.

79 comments:

  1. Pretty good! I don't usually read blogs but I guess I'll subscribe lol.

  2. Good lord.... that's pretty damned effective!

  3. It would be interesting to see how effective the words from twitter were by themselves, without the targeted keywords.

    Replies
    1. I agree. The idea that there's an increase in efficiency for single words over a standard random wordlist would be shown out in the differences between targeted twitter searches and random searches. I do think there are other cool things you can do with this sort of thing, such as finding word combinations that people commonly use. Coming up with the password iloveJustinBeiber2010 wouldn't really be that easy by just mangling an entire dictionary of words together, but by searching twitter for strings (I think) you could really increase your chances.

    2. Yes! I think so too, re finding commonly used word combinations. Here's an idea: Identify a subset of users that generates a decent amount of Twitter traffic, and has a strong thematic commonality. That is exactly what you did here. Harvest the content over a 6-month interval. That forms a corpus of all-English language text. Unstructured text analysis programs are common. They aren't so great for inferring complex behavioral trends. But current text analytics algorithms should be more than adequate for finding 2 or 3-word combo's as likely passwords!

      Are you familiar with the Google N-gram Viewer? 2-word combo's are bi-gram's, 3 words are tri-gram's, thus "n-gram". Stray thought: Use the N-gram Viewer to find UserID-password combo's. Use a good text corpus e.g. single military service people's Twitter content.

  4. I'm doing the same with RSS feeds, compiling Country/Topic specific Wordlists is very comfortable that way.
    Language specific dumps of wikipedia, if sorted by wordlength, work very well too.

  5. This was interesting. I have a really large wordlist and I was interested in what words the twitter search found that weren't already in my wordlist that also resulted in a successful crack of another md5 hash. I got 24,197 of them from my own word list but there were eight that only came from the twitter search terms used in this post and most look like military terms or military slang. Thanks for the interesting diversion.

  6. That is exactly it Joel, thanks for the comment. This is definitely not the way to generate your main wordlists, but it really does turn up great words (or word combinations) that you won't find in a normal wordlist, and that is current and relevant. It's that jargon, slang, etc. that help with those more hard to reach passwords.

  7. It might be even more productive at getting industry specific words by adding a bit of recursion. Do your first search and then search again with any words found that are not already in your master wordlist. That way terms you thought of can lead you to jargon or slang that you are not familiar with personally but are to a person in the industry or group.

    Replies
    1. Yes, it does work quite well recursively. I was doing a bit of that already, but I figured I'd keep it simple for this post and let others build on it. Nice thinking. ;)

  8. This comment has been removed by the author.

  9. Hello guys,

    I was wondering if there was any way to make a wordlist using twitter usernames only? I think that could be more than helpful to find passwords made of name+numbers or noun+numbers.

    Indeed, I noticed that of all the WPA passphrases that I've managed to crack thanks to gigantic dictionaries, a vast majority of those passwords were actually used as twitter usernames. ex: xavier1401, popolopopopopo etc.

    Any ideas?

    Cheers

    Replies
    1. That's a great idea, and I'm sure there's a way. There are lists of facebook usernames floating around that make good password cracking dictionaries as well.

  10. Joshua

    Quick one as I am trying to understand this and I am a bit of a rookie. Where did you get the militarysingles hashes from?

    Replies
    1. The hashes were released publicly by a hacker group claiming to be Lulzsec. When hashes are released publicly (like the linkedin ones this week) you can usually find them by googling around a bit. Get em while they're hot, sometimes they become hard to find later.

  11. This comment has been removed by a blog administrator.

  12. OK so you used twitter and john the ripper to create a unique password list. Clever, I get it, but where does the Militarysingles.com password hash come into play?

    Replies
    1. The point of using twitter rather than a standard huge dictionary is to be more targeted. Gotta have a target picked out to be targeted. :)
      Hence the military and dating related keywords I searched for....

  13. Well... I suggest replacing wget with curl. When you do that you can make it one line, for example as an alias, and then you don't have a tempfile.

  14. Just wondering, how could you modify this to grab words from a specific twitter log....or even a different website such as facebook, google+ or wikipedia

  15. This comment has been removed by the author.

  16. Great Stuff Joshua

    May I suggest to grab your 1400 words, run a calc_stat and then do a --markov220:0:0:12 --stdout > myfile.txt

    I had surprisingly good results with the Markov chains.

  17. I've copied this exactly and I get a "no such file or directory" error when I try to run the script? Neat idea btw!

  24. Now that Twitter has switched their search over to a new system that requires authentication, what do you think would be the easiest method of building this kind of list?

    Replies
    1. twofi.rb:131:in `+': can't convert nil into Array (TypeError)
      from twofi.rb:131:in `block in '
      from twofi.rb:129:in `each'
      from twofi.rb:129:in `'

  25. This is a fantastic website and I can not recommend you guys enough. I really appreciate your post. It is very helpful for all the people on the web.
