Password Cracking; the First 500 Million presented at BSidesLondon 2019

by Jamie Riden,

Summary: We present a new tool, hashcrack, which preprocesses hash files and drives hashcat with sensible parameters, including support for automatic ntdsutil and Responder DB extraction. Examples of good and bad hashing methods are given, as well as advice on how to do strong password hashing and prevent credential stuffing attacks. A walkthrough of cracking 500 million hashes from Troy Hunt/haveibeenpwned's NTLM password dump will be given, and a representative data set of mixed hashes (NTLM, sha256crypt, bcrypt, Drupal, WordPress and others) will be provided for a CTF-type competition. See https://github.com/nccgroup/hashcrack - the tool supports many common hash formats, including Cisco, UNIX, and Windows types, as well as standard MD5, SHA-1, SHA-2, SHA-3, etc.