Cracking hashed passwords with John the Ripper and UNIQPASS
https://www.ispeech.org/text.to.speech
This video shows John the Ripper (http://www.openwall.com/john/) dictionary attack in action. I use the password list from http://dazzlepod.com/site_media/txt/passwords.txt (1.7 million entries) and http://dazzlepod.com/uniqpass/ (27 million entries) to crack a set of hashes for accounts from rootkit.com (leaked and mentioned in http://dazzlepod.com/rootkit/)
The video starts by showing the download and build steps of John the Ripper on my MacBook Pro. Next, I use phpMyAdmin to export the list of hashes in ID:PASSWORD format from the rootkit.com database. This will be the hashes that JtR will crack with the password list passwords.txt and uniqpass.
Results:
passwords.txt successfully cracked 37% (27048 of 71222) of the hashes in 31 seconds while uniqpass successfully cracked 54% (38748 of 71222) of the hashes in 6 minutes 21 seconds. The longer time for uniqpass is probably expected due to its much larger wordlist. Overall, it does gives a reasonably good success rate given that this is merely a dictionary attack. JtR supports incremental attack to try combinations of characters. That should be able to crack more if not all of the hashes given enough time 🙂
source
Gloss