A subreddit dedicated to hacking and hacking culture.What we are about: quality and constructive discussion about the culture, profession and love of hacking.This sub is aimed at those with an understanding of hacking - please visit for posting beginner links and tutorials; any beginner questions should be directed there as they will result in a ban here.Guides and tutorials are welcome here as long as they are suitably complex and most importantly legal!Bans are handed out at moderator discretion.Another one got caught today, it's all over the papers. 'TeenagerArrested in Computer Crime Scandal', 'Hacker Arrested after Bank Tampering'.Damn kids. They're all alike. Rules:.Keep it legalHacking can be a grey area but keep it above board. Discussion around the legality of issues is ok, encouraging or aiding illegal activities is not.We are not your personal army. This is not the place to try to find hackers to do your dirty work and you will be banned for trying. This includes:.
The Dictionary attack is much faster then as compared to Brute Force Attack. (There is another method named as “Rainbow table”, it is similar to Dictionary attack). In order to achieve success in a dictionary attack, we need a large size of Password lists. UPC Broadband routers use 8 capital letters as default password for Wifi and TP Link routers use the 8 digit default WPS PIN. Both can be easily generated with Crunch. Crunch password list generation. Let’s use the following command to have Crunch generate a wordlist containing all combinations of 4 letters.
Asking someone to hack for you. Trying to hire hackers. Asking for help with your DoS. Asking how to get into your 'girlfriend's' instagram.
Offering to do these things will also result in a ban.No 'how do i start hacking?' See or the stickied post.Intermediate questions are welcomed - e.g.
'How does HSTS prevent SSL stripping?' Is a good question. 'How do I hack wifi with Kali?' Is bad.No 'I got hacked' posts unless it's an interesting post-mortem of a unique attack. Your nan being phished doesn't count.Sharing of personal data is forbidden - no doxxing or IP dumping.Spam is strictly forbidden and will result in a ban.
Professional promotion e.g. From security firms/pen testing companies is allowed within the confines of site-wide rules on self promotion, but will otherwise be considered spam.Off-topic posts will be treated as spam.Low-effort content will be removed at moderator discretion.We are not tech support, these posts should be kept on.Don't be a dick. Play nice, support each other and encourage learning.Recommended Subreddits:.
To brute force passwords you have to have a copy of the encrypted password file from the site. When people talk about brute forcing passwords, they mean after they've broken into the site or a data breach has leaked the password file.At that point, you're looking at trillions of tries per second; 10 Th/sec is feasible for a dedicated cracking rig or supercomputer. About $5,000 will get you 1-2 Th/sec.How long it takes to crack depends on keyspace (how long the password is and what characters are allowed) and on if the passwords are salted (if they are, you have to search the whole keyspace for each user, not just once.) Also, if the site used a deliberately slow hash process (like bcrypt, or just a stupid number of iterations) it will be much slower.10 characters, alphanumeric (no symbols) has a keyspace of 62 10, or about 2 60. That can be brute forced at 10 Th/sec in about 23 hours. If it were numeric digits only, the tiny keyspace of 10 10 would fall in 0.001 seconds.This said, a dictionary attack would be tried first and might get you most of the passwords in seconds.
Also, if the passwords are unsalted, a rainbow table attack will crack them all instantly.However. For all this you need the password file. Without it, if you're doing an online attack and hitting the website, you're looking at maybe 10 guesses per second or the website will either fall over (for small sites) or ban your IP (for large ones.) Judicious use of proxies might get you up to a couple hundred per second, maybe.
![Wordlist for password cracking Wordlist for password cracking](http://i94.photobucket.com/albums/l112/TAPE_RULEZ/crunch_t_05.jpg)
At that rate, 2 60 will take 126 million years, per user. Online brute forcing is impossible. $5k for a 1-2 Th/sec cracking rig is from actual knowledge; I can go online and buy one for that (basically a PC with a few ASIC cards in it devoted to hashing.) I'm assuming that a supercomputer or other massively parallel system would be easily able to go 5-10 times faster than this even while not being ASIC based.Of course, with enough money you can go almost arbitrarily fast since password cracking is an embarrassingly parallel problem - I could buy 1,000 of those $5k cracking rigs and be at over 1,000 Th/sec.
Though unlike a supercomputer that system wouldn't be good for anything but password cracking (or mining bitcoin.). Hardware, absolutely. An AntMiner S7 (bitmaintech.com, $1532) will do 4.05 Th/sec, a BFL Monarch (butterflylabs.com, $315) will do 700Gh/sec and you can fit several in a PC (with one hell of a power supply, of course.) They're sold as Bitcoin miners, but they're just SHA hashing accelerator ASICs, they work just as well for password cracking if the right hashing algorithm is used. (Of course, if the passwords were hashed with something other than SHA1/SHA2, you'd need different ASICs and not Bitcoin-compatible ones.) If anything I've overestimated the prices.
Working against NTLM login passwords, a password of “fjR8n” can be broken on the CPU in 24 seconds, at a rate of 9.8 million password guesses per second. On the GPU, it takes less than a second at a rate of 3.3 billion passwords per second.Increase the password to 6 characters (pYDbL6), and the CPU takes 1 hour 30 minutes versus only four seconds on the GPU. Go further to 7 characters (fh0GH5h), and the CPU would grind along for 4 days, versus a frankly worrying 17 minutes 30 seconds for the GPU.Try for a nine-character, mixed-case random password. While a CPU would take 43 years to crack this, the GPU would be done in 48 days.
Error messages will go here SummaryStructure:(Legend: word = A word, s = the separator character, d = a random digit, p = the padding symbol)Length: Character Coverage: (Legend: No Maybe Yes) Generate Password(s)Num. Passwords:The xkpasswd.pm Perl ModuleThis site is powered by the XKPasswd.pm Perl Module, and serves as a good example of its capabilities. The module has been released under theFreeBSD license, so it's completely free to use, even within commercial products, providing the two terms of the FreeBSD license are observed. Bascially,you can re-use the library as long as credit is given, the author's copyright notices are preserved, and you promise not to take legal action against theauthor if the code gives you problems.The module can be downloaded from the author's website:.
The Comic that Inspired This ToolCredits. Website and underlying password generation library ( XKPasswd.pm) by. Banner by Stu Helm (incorporating artwork from the ). Icons from, and. Web Interface powered.