![]() ![]() Meaning it takes 3 times longer to run through. There is also a “Weakpass 2.0 A”, but this wordlist isn’t worth it in most cases: ![]() However, this is VERY dependent on the supporting hardware. FYI, there’s a bit of time taken to cache the wordlist when hashcat first starts. It takes about 4 minutes to run through the weakpass 2.0 wordlist with (1) 1080 Ti. Weakpass 2.0 had the highest standalone crack rate with 14 of the 40 hashes cracked. This wordlist is huge, weighing in at 28GB. Weakpass 2.0 is a combination of several dumps and available wordlists. Yes, there are others that are bigger, but in our test case these were most effective when considering the time to number of cracks ratio. Here are the top 3 performers, from publicly available wordlists: To test this, we gathered 40 NTLMv2 hashes from recent pentests.Īfter some Googling and a little bit of trial and error, we found our wordlists. We use Responder during internal pentests, so cracking 1 out of every 3 NTLM hashes almost guarantees us a path to domain admin. When we started building a test case for this blog, our original goal was to have a 33% crack rate. Finding the Perfect WordlistsĪfter putting together the hardware we needed to focus on finding the right wordlists to bring our cracking rate up to an acceptable percentage. We used the budget build hardware to run our test cases, so that we could show how effective this rig can be with the right wordlists and rules. Nothing against using AWS, it’s just a better investment to build your own rig if you’re planning on using it frequently. So, it’s an all-around win if you’re currently using a hosted cracking instance. Another nice benefit is that a single 1080 Ti, performs faster than the AWS g2.8xlarge instance. This isn’t too bad considering it’s anywhere between $50 to $200 per day to run an AWS g2.8xlarge instance. Keep in mind that $700 of that cost is the GPU alone. You favorite linux flavor, and a copy of hashcatĭepending on how frugal you are, the rig will probably cost about $1200-$1500.The special of the week motherboard and case combo from you favorite (local/online) hardware vendor. ![]() RAM is cheap, buy as much as you can afford and fit in your motherboard.You’re not gaining much performance by going to the i7, but if you got a little extra $$, go for it.SSD increases wordlist read speed, and they’re getting cheaper by the day.This is going to be the most expensive piece of the rig at about $700.This is what we recommend to build a rig on a budget: The rest of the hardware doesn’t need to be very special. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |