Re: Gawker hacked: Another trove of password data

[Corey Quinn <corey () sequestered net>]

On Dec 12, 2010, at 5:07 PM, Fyodor wrote:

> It looks like Gawker (mostly a network of gossip sites) has been
> compromised.  The attackers posted more than a million usernames,
> email addresses, and password hashes:
>
> http://yro.slashdot.org/story/10/12/12/2234252/Gawker-Source-Code-and-Databases-Compromised
>
> That is obviously unfortunate for Gawker and their users, but it does
> give us more real-life password frequency data to use for improving
> Nmap.  It looks like the torrent file contains 1.2 million records,
> most of which include password hashes (some small percentage just say
> "NULL").  It looks like they are probably using crypt(), but I'm not
> certain.  The readme.txt says it is DES based and only allows up to 8
> characters, and the hashes are 13 chars long, so it seems like
> crypt().
>
> The torrent also includes cracked passwords for a subset of those DB
> records (188,281 accounts).
>
> I can easily add the 188,000 already-cracked accounts to the Nmap
> password frequency files, but does anyone have time and computing
> resources to start on cracking the rest?  I recall that Brandon was
> able to crack a very large percentage of the PHPBB password hashes we
> found before.  And I recall that members of this list scored very well
> in the Defcon password cracking contest this year :).

As of right... now, I've broken 208563 of the full_list.  That number's rising, albeit slowly.

I'll continue on with this for a while, please ping me if you' like access to the results.

-- Corey / KB1JWQ
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/