eHarmony Password Cracking with Pipal Analysis

Over the weekend I ran hashcat on my machine against the MD5 hashes from the eHarmony hack. One thing that is interesting to note is that all eHarmony passwords that use a character are uppercased. This helps reduce the keyspace and allows more effective brute-force password checks.

After a couple days of both dictionary and brute force attacks, I’ve found 1071380 passwords.  Below are the stats that pipal (by Robin Wood aka @digininja) produced.

Total entries = 1071380
Total unique entries = 1071376

Top 10 passwords
PHIL4 = 2 (0.0%)
PROV3 = 2 (0.0%)
JER29 = 2 (0.0%)
FREETOBEME = 2 (0.0%)
MAR141991 = 1 (0.0%)
KEZEA = 1 (0.0%)
LEJKA = 1 (0.0%)
BILHA = 1 (0.0%)
JENBA = 1 (0.0%)
POMAA = 1 (0.0%)

Top 10 base words
lisa = 254 (0.02%)
chris = 221 (0.02%)
tina = 196 (0.02%)
eric = 188 (0.02%)
nana = 167 (0.02%)
mama = 163 (0.02%)
usmc = 161 (0.02%)
emma = 158 (0.01%)
mike = 154 (0.01%)
lola = 146 (0.01%)

Password length (length ordered)
2 = 2 (0.0%)
3 = 2 (0.0%)
4 = 3 (0.0%)
5 = 46628 (4.35%)
6 = 253347 (23.65%)
7 = 279971 (26.13%)
8 = 200416 (18.71%)
9 = 133066 (12.42%)
10 = 90838 (8.48%)
11 = 35970 (3.36%)
12 = 18727 (1.75%)
13 = 7974 (0.74%)
14 = 4173 (0.39%)
15 = 277 (0.03%)

Password length (count ordered)
7 = 279971 (26.13%)
6 = 253347 (23.65%)
8 = 200416 (18.71%)
9 = 133066 (12.42%)
10 = 90838 (8.48%)
5 = 46628 (4.35%)
11 = 35970 (3.36%)
12 = 18727 (1.75%)
13 = 7974 (0.74%)
14 = 4173 (0.39%)
15 = 277 (0.03%)
4 = 3 (0.0%)
2 = 2 (0.0%)
3 = 2 (0.0%)

One to six characters = 299977 (28.0%)
One to eight characters = 780362 (72.84%)
More than eight characters = 291018 (27.16%)

Only lowercase alpha = 0 (0.0%)
Only uppercase alpha = 435542 (40.65%)
Only alpha = 435542 (40.65%)
Only numeric = 10457 (0.98%)

First capital last symbol = 158 (0.01%)
First capital last number = 493747 (46.09%)

Months
january = 27 (0.0%)
february = 5 (0.0%)
march = 191 (0.02%)
april = 251 (0.02%)
may = 2289 (0.21%)
june = 361 (0.03%)
july = 229 (0.02%)
august = 92 (0.01%)
september = 9 (0.0%)
october = 45 (0.0%)
november = 38 (0.0%)
december = 33 (0.0%)

Days
monday = 33 (0.0%)
tuesday = 11 (0.0%)
wednesday = 2 (0.0%)
thursday = 4 (0.0%)
friday = 32 (0.0%)
saturday = 4 (0.0%)
sunday = 30 (0.0%)

Months (Abreviated)
jan = 2971 (0.28%)
feb = 500 (0.05%)
mar = 10381 (0.97%)
apr = 742 (0.07%)
may = 2289 (0.21%)
jun = 1369 (0.13%)
jul = 1234 (0.12%)
aug = 850 (0.08%)
sept = 142 (0.01%)
oct = 665 (0.06%)
nov = 1021 (0.1%)
dec = 974 (0.09%)

Days (Abreviated)
mon = 6302 (0.59%)
tues = 21 (0.0%)
wed = 290 (0.03%)
thurs = 13 (0.0%)
fri = 915 (0.09%)
sat = 886 (0.08%)
sun = 1826 (0.17%)

Includes years
1975 = 641 (0.06%)
1976 = 637 (0.06%)
1977 = 649 (0.06%)
1978 = 714 (0.07%)
1979 = 656 (0.06%)
1980 = 827 (0.08%)
1981 = 715 (0.07%)
1982 = 725 (0.07%)
1983 = 736 (0.07%)
1984 = 849 (0.08%)
1985 = 733 (0.07%)
1986 = 727 (0.07%)
1987 = 715 (0.07%)
1988 = 580 (0.05%)
1989 = 652 (0.06%)
1990 = 479 (0.04%)
1991 = 441 (0.04%)
1992 = 339 (0.03%)
1993 = 278 (0.03%)
1994 = 299 (0.03%)
1995 = 361 (0.03%)
1996 = 322 (0.03%)
1997 = 318 (0.03%)
1998 = 415 (0.04%)
1999 = 469 (0.04%)
2000 = 1443 (0.13%)
2001 = 816 (0.08%)
2002 = 752 (0.07%)
2003 = 814 (0.08%)
2004 = 877 (0.08%)
2005 = 1083 (0.1%)
2006 = 1235 (0.12%)
2007 = 1302 (0.12%)
2008 = 1401 (0.13%)
2009 = 1373 (0.13%)
2010 = 897 (0.08%)
2011 = 202 (0.02%)
2012 = 228 (0.02%)
2013 = 85 (0.01%)
2014 = 52 (0.0%)
2015 = 57 (0.01%)
2016 = 46 (0.0%)
2017 = 43 (0.0%)
2018 = 50 (0.0%)
2019 = 95 (0.01%)
2020 = 390 (0.04%)

Years (Top 10)
2000 = 1443 (0.13%)
2008 = 1401 (0.13%)
2009 = 1373 (0.13%)
2007 = 1302 (0.12%)
2006 = 1235 (0.12%)
2005 = 1083 (0.1%)
2010 = 897 (0.08%)
2004 = 877 (0.08%)
1984 = 849 (0.08%)
1980 = 827 (0.08%)

Single digit on the end = 102834 (9.6%)
Two digits on the end = 145583 (13.59%)
Three digits on the end = 74986 (7.0%)

Last number
0 = 45295 (4.23%)
1 = 96804 (9.04%)
2 = 56343 (5.26%)
3 = 56725 (5.29%)
4 = 43399 (4.05%)
5 = 44898 (4.19%)
6 = 40625 (3.79%)
7 = 46685 (4.36%)
8 = 40858 (3.81%)
9 = 45590 (4.26%)

Last digit
1 = 96804 (9.04%)
3 = 56725 (5.29%)
2 = 56343 (5.26%)
7 = 46685 (4.36%)
9 = 45590 (4.26%)
0 = 45295 (4.23%)
5 = 44898 (4.19%)
4 = 43399 (4.05%)
8 = 40858 (3.81%)
6 = 40625 (3.79%)

Last 2 digits (Top 10)
23 = 15230 (1.42%)
12 = 11373 (1.06%)
11 = 10914 (1.02%)
01 = 10281 (0.96%)
00 = 8981 (0.84%)
21 = 8385 (0.78%)
22 = 8264 (0.77%)
13 = 7935 (0.74%)
69 = 7928 (0.74%)
07 = 7778 (0.73%)

Last 3 digits (Top 10)
123 = 8690 (0.81%)
007 = 2778 (0.26%)
000 = 2628 (0.25%)
234 = 2469 (0.23%)
777 = 1759 (0.16%)
001 = 1685 (0.16%)
009 = 1674 (0.16%)
008 = 1653 (0.15%)
111 = 1611 (0.15%)
101 = 1601 (0.15%)

Last 4 digits (Top 10)
1234 = 1995 (0.19%)
2008 = 1277 (0.12%)
2009 = 1258 (0.12%)
2000 = 1192 (0.11%)
2007 = 1171 (0.11%)
2006 = 1097 (0.1%)
2005 = 967 (0.09%)
2345 = 909 (0.08%)
2004 = 784 (0.07%)
2010 = 782 (0.07%)

Last 5 digits (Top 10)
12345 = 793 (0.07%)
23456 = 444 (0.04%)
54321 = 153 (0.01%)
55555 = 133 (0.01%)
11111 = 123 (0.01%)
77777 = 110 (0.01%)
56789 = 106 (0.01%)
00000 = 94 (0.01%)
96969 = 66 (0.01%)
34567 = 65 (0.01%)

US Area Codes
234 = NE Ohio: Canton, Akron (OH)

Character sets
upperalphanum: 624283 (58.27%)
upperalpha: 435542 (40.65%)
numeric: 10457 (0.98%)
upperalphaspecialnum: 482 (0.04%)
upperalphaspecial: 473 (0.04%)
specialnum: 67 (0.01%)

Character set ordering
stringdigit: 479830 (44.79%)
allstring: 435542 (40.65%)
digitstring: 58288 (5.44%)
stringdigitstring: 50016 (4.67%)
othermask: 24689 (2.3%)
digitstringdigit: 11889 (1.11%)
alldigit: 10457 (0.98%)
stringspecialstring: 342 (0.03%)
stringspecialdigit: 223 (0.02%)
stringspecial: 90 (0.01%)
specialstring: 8 (0.0%)
specialstringspecial: 6 (0.0%)

Hashcat masks (Top 10)
?u?u?u?u?u?u?u?u: 108525 (10.13%)
?u?u?u?u?u?u: 101112 (9.44%)
?u?u?u?u?u?u?u: 88475 (8.26%)
?u?u?u?d?d?d?d: 52666 (4.92%)
?u?u?u?u?u?u?u?u?u: 50870 (4.75%)
?u?u?u?u?d?d: 38725 (3.61%)
?u?u?u?u?u?u?u?u?u?u: 33055 (3.09%)
?u?u?u?u?u?d?d: 32912 (3.07%)
?u?u?d?d?d?d: 30207 (2.82%)
?u?u?u?u?u?u?d: 26176 (2.44%)
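
To put a number on the uppercasing observation at the top of this post, the following added example (not part of the original post and not pipal's own code) derives a hashcat-style mask from a password and computes how much of the search space is lost, per mask, when letters are folded to one case before hashing. The function names are hypothetical, and the model assumes that with case preserved each letter position could hold either case.

```python
import string

# Sizes of hashcat's built-in charsets: ?l, ?u, ?d, ?s (space plus 32 ASCII symbols).
CHARSET_SIZE = {"l": 26, "u": 26, "d": 10, "s": 33}

# Top 10 eHarmony masks and their counts, copied from the pipal output above.
EHARMONY_TOP_MASKS = {
    "?u?u?u?u?u?u?u?u": 108525,
    "?u?u?u?u?u?u": 101112,
    "?u?u?u?u?u?u?u": 88475,
    "?u?u?u?d?d?d?d": 52666,
    "?u?u?u?u?u?u?u?u?u": 50870,
    "?u?u?u?u?d?d": 38725,
    "?u?u?u?u?u?u?u?u?u?u": 33055,
    "?u?u?u?u?u?d?d": 32912,
    "?u?u?d?d?d?d": 30207,
    "?u?u?u?u?u?u?d": 26176,
}

def mask_of(password):
    """Classify each character as ?l, ?u, ?d or ?s (anything else counts as ?s)."""
    kinds = ((string.ascii_lowercase, "?l"), (string.ascii_uppercase, "?u"),
             (string.digits, "?d"))
    return "".join(next((m for chars, m in kinds if ch in chars), "?s")
                   for ch in password)

def keyspace(mask, case_folded):
    """Number of candidates with this shape.

    case_folded=True : letters are stored in a single case (26 per letter).
    case_folded=False: case is preserved, so a letter position may be
                       either case (52 per letter). This is an assumption
                       of the model, not a property of any one site.
    """
    total = 1
    for sym in mask.split("?")[1:]:
        if sym in "lu":
            total *= 26 if case_folded else 52
        else:
            total *= CHARSET_SIZE[sym]
    return total

def folding_factor(mask):
    """How many times smaller the search space becomes after case folding."""
    return keyspace(mask, False) // keyspace(mask, True)

def folding_report(masks=EHARMONY_TOP_MASKS):
    """(mask, count, factor) rows, largest loss of search space first."""
    rows = [(m, c, folding_factor(m)) for m, c in masks.items()]
    return sorted(rows, key=lambda r: r[2], reverse=True)

if __name__ == "__main__":
    for mask, count, factor in folding_report():
        print(f"{mask:<22} {count:>7}  keyspace / {factor}")
```

The factor is 2 raised to the number of letter positions, so the all-letter masks that dominate the list lose the most: storing passwords case-insensitively removes exactly the entropy that mixed case was supposed to add.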

LinkedIn Passwords Cracked with Pipal Stats – Work in Progress

I’ve spent the past couple days attempting to crack the hashes from the LinkedIn dump. I’ve used a combination of dictionary and brute-force methods to discover the plaintext password.

I am still in the process of cracking the hashes, however I wanted to take a second and run Pipal (a great tool by Robin Wood (@digininja) that produces statistics that can aid the password cracking process) to start to find patterns, and modify my cracking masks to find new patterns.

After reviewing the current stats, I’ve already identified a number of things to change to help find more passwords.

These stats will change as more passwords are found, but I’ve copied the output from Pipal into this post. I’ll be interested to see if others can verify these findings. I also hope that the output can help aid other researchers.

If anyone has any questions, comments, or suggestions, feel free to get in touch with me @christruncer.

Enjoy

Total entries = 3123784
Total unique entries = 3123784

Top 10 passwords
““““ = 1 (0.0%)
^^%#!# = 1 (0.0%)
^(!)## = 1 (0.0%)
^&^&^&^& = 1 (0.0%)
^#^$%^ = 1 (0.0%)
^#!(%( = 1 (0.0%)
^%$#@! = 1 (0.0%)
^%#)** = 1 (0.0%)
~!@#$% = 1 (0.0%)
<>,.>< = 1 (0.0%)

Top 10 base words
link = 2159 (0.07%)
alex = 1342 (0.04%)
mike = 1287 (0.04%)
june = 1161 (0.04%)
password = 1127 (0.04%)
love = 1119 (0.04%)
john = 1027 (0.03%)
linked = 1019 (0.03%)
july = 961 (0.03%)
blue = 936 (0.03%)

Password length (length ordered)
1 = 23 (0.0%)
2 = 32 (0.0%)
3 = 71 (0.0%)
4 = 74 (0.0%)
5 = 104 (0.0%)
6 = 574821 (18.4%)
7 = 528687 (16.92%)
8 = 1073209 (34.36%)
9 = 478872 (15.33%)
10 = 274961 (8.8%)
11 = 111567 (3.57%)
12 = 52246 (1.67%)
13 = 18346 (0.59%)
14 = 7905 (0.25%)
15 = 2881 (0.09%)

Password length (count ordered)
8 = 1073209 (34.36%)
6 = 574821 (18.4%)
7 = 528687 (16.92%)
9 = 478872 (15.33%)
10 = 274961 (8.8%)
11 = 111567 (3.57%)
12 = 52246 (1.67%)
13 = 18346 (0.59%)
14 = 7905 (0.25%)
15 = 2881 (0.09%)
5 = 104 (0.0%)
4 = 74 (0.0%)
3 = 71 (0.0%)
2 = 32 (0.0%)
1 = 23 (0.0%)

One to six characters = 575119 (18.41%)
One to eight characters = 2177013 (69.69%)
More than eight characters = 946771 (30.31%)

Only lowercase alpha = 829695 (26.56%)
Only uppercase alpha = 21300 (0.68%)
Only alpha = 850995 (27.24%)
Only numeric = 190553 (6.1%)

First capital last symbol = 23393 (0.75%)
First capital last number = 317485 (10.16%)

Months
january = 276 (0.01%)
february = 110 (0.0%)
march = 969 (0.03%)
april = 1173 (0.04%)
may = 5719 (0.18%)
june = 1762 (0.06%)
july = 1186 (0.04%)
august = 766 (0.02%)
september = 194 (0.01%)
october = 403 (0.01%)
november = 288 (0.01%)
december = 304 (0.01%)

Days
monday = 270 (0.01%)
tuesday = 106 (0.0%)
wednesday = 36 (0.0%)
thursday = 55 (0.0%)
friday = 278 (0.01%)
saturday = 43 (0.0%)
sunday = 150 (0.0%)

Months (Abreviated)
jan = 9753 (0.31%)
feb = 1302 (0.04%)
mar = 39626 (1.27%)
apr = 2803 (0.09%)
may = 5719 (0.18%)
jun = 4717 (0.15%)
jul = 6017 (0.19%)
aug = 2926 (0.09%)
sept = 924 (0.03%)
oct = 2277 (0.07%)
nov = 3557 (0.11%)
dec = 2879 (0.09%)

Days (Abreviated)
mon = 18611 (0.6%)
tues = 135 (0.0%)
wed = 1193 (0.04%)
thurs = 107 (0.0%)
fri = 3910 (0.13%)
sat = 3201 (0.1%)
sun = 7040 (0.23%)

Includes years
1975 = 3135 (0.1%)
1976 = 3104 (0.1%)
1977 = 3144 (0.1%)
1978 = 3328 (0.11%)
1979 = 3261 (0.1%)
1980 = 3910 (0.13%)
1981 = 3381 (0.11%)
1982 = 3354 (0.11%)
1983 = 2957 (0.09%)
1984 = 2996 (0.1%)
1985 = 2354 (0.08%)
1986 = 1906 (0.06%)
1987 = 1621 (0.05%)
1988 = 1364 (0.04%)
1989 = 1230 (0.04%)
1990 = 1204 (0.04%)
1991 = 1143 (0.04%)
1992 = 1001 (0.03%)
1993 = 1056 (0.03%)
1994 = 1238 (0.04%)
1995 = 1429 (0.05%)
1996 = 1553 (0.05%)
1997 = 1617 (0.05%)
1998 = 1924 (0.06%)
1999 = 2320 (0.07%)
2000 = 7743 (0.25%)
2001 = 4349 (0.14%)
2002 = 4076 (0.13%)
2003 = 3924 (0.13%)
2004 = 4345 (0.14%)
2005 = 4928 (0.16%)
2006 = 5288 (0.17%)
2007 = 6166 (0.2%)
2008 = 7916 (0.25%)
2009 = 4912 (0.16%)
2010 = 6822 (0.22%)
2011 = 6887 (0.22%)
2012 = 2404 (0.08%)
2013 = 314 (0.01%)
2014 = 236 (0.01%)
2015 = 238 (0.01%)
2016 = 208 (0.01%)
2017 = 199 (0.01%)
2018 = 224 (0.01%)
2019 = 436 (0.01%)
2020 = 1006 (0.03%)

Years (Top 10)
2008 = 7916 (0.25%)
2000 = 7743 (0.25%)
2011 = 6887 (0.22%)
2010 = 6822 (0.22%)
2007 = 6166 (0.2%)
2006 = 5288 (0.17%)
2005 = 4928 (0.16%)
2009 = 4912 (0.16%)
2001 = 4349 (0.14%)
2004 = 4345 (0.14%)

Single digit on the end = 350379 (11.22%)
Two digits on the end = 575205 (18.41%)
Three digits on the end = 203834 (6.53%)

Last number
0 = 168275 (5.39%)
1 = 367045 (11.75%)
2 = 188843 (6.05%)
3 = 200913 (6.43%)
4 = 140753 (4.51%)
5 = 140199 (4.49%)
6 = 126615 (4.05%)
7 = 151775 (4.86%)
8 = 137828 (4.41%)
9 = 144357 (4.62%)

Last digit
1 = 367045 (11.75%)
3 = 200913 (6.43%)
2 = 188843 (6.05%)
0 = 168275 (5.39%)
7 = 151775 (4.86%)
9 = 144357 (4.62%)
4 = 140753 (4.51%)
5 = 140199 (4.49%)
8 = 137828 (4.41%)
6 = 126615 (4.05%)

Last 2 digits (Top 10)
23 = 65415 (2.09%)
01 = 59404 (1.9%)
11 = 50754 (1.62%)
12 = 43549 (1.39%)
00 = 42332 (1.36%)
10 = 33730 (1.08%)
07 = 29416 (0.94%)
99 = 27473 (0.88%)
08 = 26396 (0.85%)
22 = 24695 (0.79%)

Last 3 digits (Top 10)
123 = 46505 (1.49%)
007 = 13480 (0.43%)
000 = 13360 (0.43%)
234 = 12088 (0.39%)
001 = 10681 (0.34%)
008 = 8320 (0.27%)
010 = 7622 (0.24%)
111 = 7302 (0.23%)
011 = 7254 (0.23%)
999 = 5978 (0.19%)

Last 4 digits (Top 10)
1234 = 10841 (0.35%)
2008 = 7165 (0.23%)
2000 = 6911 (0.22%)
2010 = 5842 (0.19%)
2011 = 5765 (0.18%)
2007 = 5561 (0.18%)
2006 = 4763 (0.15%)
2009 = 4386 (0.14%)
2005 = 4377 (0.14%)
2004 = 3848 (0.12%)

Last 5 digits (Top 10)
12345 = 2858 (0.09%)
23456 = 1346 (0.04%)
54321 = 397 (0.01%)
00000 = 330 (0.01%)
11111 = 294 (0.01%)
55555 = 220 (0.01%)
77777 = 213 (0.01%)
45678 = 184 (0.01%)
34567 = 177 (0.01%)
56789 = 172 (0.01%)

Character sets
loweralphanum: 1469801 (47.05%)
loweralpha: 829695 (26.56%)
mixedalphanum: 348160 (11.15%)
numeric: 190553 (6.1%)
mixedalpha: 79534 (2.55%)
loweralphaspecialnum: 54671 (1.75%)
mixedalphaspecialnum: 50166 (1.61%)
upperalphanum: 33844 (1.08%)
loweralphaspecial: 25687 (0.82%)
upperalpha: 21300 (0.68%)
mixedalphaspecial: 10436 (0.33%)
upperalphaspecialnum: 2606 (0.08%)
specialnum: 2512 (0.08%)
upperalphaspecial: 859 (0.03%)
special: 168 (0.01%)

Character set ordering
stringdigit: 1432870 (45.87%)
allstring: 930529 (29.79%)
alldigit: 190553 (6.1%)
stringdigitstring: 178044 (5.7%)
othermask: 159383 (5.1%)
digitstring: 121673 (3.9%)
stringspecialdigit: 41091 (1.32%)
digitstringdigit: 35033 (1.12%)
stringspecialstring: 17847 (0.57%)
stringspecial: 13070 (0.42%)
specialstring: 2137 (0.07%)
specialstringspecial: 1386 (0.04%)
allspecial: 168 (0.01%)

Hashcat masks (Top 10)
?l?l?l?l?l?l?l?l: 238761 (7.64%)
?l?l?l?l?l?l?d?d: 183616 (5.88%)
?l?l?l?l?l?l: 175645 (5.62%)
?l?l?l?l?l?l?l: 148901 (4.77%)
?l?l?l?l?l?l?l?l?l: 127938 (4.1%)
?l?l?l?l?d?d?d?d: 107499 (3.44%)
?d?d?d?d?d?d: 93340 (2.99%)
?l?l?l?l?l?l?l?l?l?l: 78643 (2.52%)
?l?l?l?l?l?d?d: 75618 (2.42%)
?l?l?l?l?l?l?l?d: 67087 (2.15%)