Tag Archives: case study

image_pdfimage_print

Kevin Mitnick’s Password Hacking with Hashtopolis

Kevin Mitnick and his Hashtopolis: The Ultimate Password Cracking Tool


password hacking with Hashtopolis by Jacques gascuel
This article will be updated with any new information on the topic, and readers are encouraged to leave comments or contact the author with any suggestions or additions.
Related topic : ******

How Kevin Mitnick hacked passwords with Hashtopolis

Learn about password hacking using Hashtopolis, a powerful tool that can crack any hash in minutes using multiple machines equipped with GPUs. Famous hacker Kevin Mitnick used it to demonstrate the tool’s capabilities. Discover the advantages and disadvantages of using such a tool, as well as ethical and legal implications of password hacking. Get tips on how to protect your online accounts with strong passwords. Keep reading to find out more!

2024 Cyberculture Legal information

Encrypted messaging: ECHR says no to states that want to spy on them

2024 Articles Digital Security News

BitLocker Security: Safeguarding Against Cyberattacks

2024 Articles Digital Security News Spying

How to protect yourself from stalkerware on any phone

2024 Articles Digital Security EviPass Password

Human Limitations in Strong Passwords Creation

2024 Articles Digital Security EviKey NFC HSM EviPass News SSH

Terrapin attack: How to Protect Yourself from this New Threat to SSH Security

2024 Articles Digital Security News Phishing

Google OAuth2 security flaw: How to Protect Yourself from Hackers

2023 Articles Digital Security EviCypher NFC HSM News Technologies

Telegram and the Information War in Ukraine

Password hacking tool: how it works and how to protect yourself

Password hacking is a practice that consists of finding the secret code that protects access to an account or a file. There are specialized tools to perform this operation, such as the one used by Mitnick Security Consulting. In this article, we will present the features of this tool, its advantages and disadvantages, as well as the ways to protect yourself from password hacking.

Introduction

Password hacking is a practice that consists of finding the secret code that protects access to an account or a file. It can be done for various purposes, such as testing the security of a system, recovering a forgotten password, or stealing personal or professional data.

There are specialized tools to perform password hacking, such as the one used by Mitnick Security Consulting. This company is led by Kevin Mitnick, a famous hacker who was arrested in 1995 for hacking dozens of computer systems, including those of the Pentagon, NASA and FBI. Today he has become a security expert and consultant who helps companies protect themselves from cyberattacks.

The main purpose of this article is to present the features, advantages and disadvantages of the password hacking tool used by Mitnick Security Consulting, as well as the ways to protect yourself from password hacking. We will first explain how the tool uses a large number of GPUs to speed up the hacking process. Then we will discuss the benefits and drawbacks of using such a tool in terms of energy consumption and privacy concerns. Next we will address the ethical and legal implications of password hacking. After that we will summarize some user reactions to password hacking. Finally we will provide some tips on how to protect your online accounts with strong passwords.

Features of the password hacking tool

The password hacking tool used by Mitnick Security Consulting uses a large number of GPUs to speed up the hacking process. According to the information shared by Mitnick, the tool uses 24 GPU 4090s and 6 GPU 2080s, all clustered and running with Hashtopolis. This allows the tool to hack passwords at an impressive speed, reaching 6.2 trillion per second for NTLM (New Technology LAN Manager).

Hashtopolis is an open source software that allows to distribute the password hacking work across multiple machines equipped with GPUs. It uses a web interface to manage the agents, tasks and passwords found. It supports several types of hashes, such as NTLM, MD5, SHA1, SHA256, SHA512, WPA/WPA2 and even BitLocker.

A hash is a mathematical function that transforms a password into a random string of characters. For example, the password “password” hashed with MD5 would be “5f4dcc3b5aa765d61d8327deb882cf99”. Hashing is used to store passwords securely without revealing them in plain text.

To crack a password, one has to find the original password that corresponds to a given hash. This can be done by using different methods, such as bruteforce, dictionary or mask.

Bruteforce is a method that tries all possible combinations of characters until finding the right one. For example, if the password is four digits long, it would try 0000, 0001, 0002… until 9999.

Dictionary is a method that tries words from a predefined list or a common language dictionary. For example, if the password is a word in English, it would try apple, banana, carrot… until finding the right one.

Mask is a method that tries combinations based on a known pattern or structure. For example, if the password is composed of two words separated by an underscore (_), it would try word_word, name_name… until finding the right one.

Advantages and disadvantages of the password hacking tool

The use of such a tool has advantages and disadvantages. On one hand, it allows the company to quickly test the security of the passwords used by its clients and detect vulnerabilities. This can help prevent unauthorized access and data breaches. It can also help users improve their password habits and choose stronger passwords.

On the other hand, it consumes a considerable amount of energy and generates heat. This can have a negative impact on the environment and increase the carbon footprint of the company. It can also raise privacy concerns, as the tool can be used for malicious purposes, such as hacking online accounts or sensitive data. This can result in identity theft, industrial espionage or sabotage.

It is important to note that even with such a powerful tool, there are limits to what can be achieved in terms of password hacking. Long and complex passwords, stored using secure hashing algorithms such as bcrypt or PBKDF2, can be very difficult to hack even with powerful tools. These algorithms use a large number of iterations to significantly slow down the hashing process, making brute force hacking much more difficult.

In addition to the number of iterations, these algorithms have other features that make them more resistant to GPU or specialized hardware attacks. Bcrypt uses an encryption function based on Blowfish, which is designed to be costly in memory and random access. This makes it difficult to parallelize bcrypt on multiple GPUs. PBKDF2 uses an internal hash function, such as SHA-256 or SHA-512, which can be optimized for GPUs, but which also requires a lot of calculations. This makes the cost of the attack proportional to the number of iterations. According to a 2015 study, it would take about 4 days to crack an 8-character alphanumeric password with bcrypt and 10 iterations, compared to about 5 hours with PBKDF2 and 10,000 iterations.

Ethical and legal implications of password hacking

The use of such a powerful password hacking tool raises ethical and legal questions. On one hand, it can serve to strengthen the security of computer systems by demonstrating their vulnerability and encouraging users to choose stronger passwords. This can be seen as a form of ethical hacking or penetration testing, which aims to improve the security of a system by finding and reporting its weaknesses.

On the other hand, it can be used for malicious purposes, such as hacking online accounts or sensitive data. This can be seen as a form of illegal hacking or cybercrime, which aims to harm or exploit a system by exploiting its weaknesses.

Therefore, some ethical and legal rules must be respected when using a password hacking tool. For example:

  • The tool should only be used with the consent and authorization of the owner or administrator of the system.
  • The tool should only be used for legitimate purposes, such as testing the security of passwords or recovering a forgotten password.
  • The tool should not be used to access or disclose confidential or personal information without permission.
  • The tool should not be used to cause damage or disruption to the system or its users.

To give you an idea of how long it would take to crack a password using high-performance GPUs, a machine equipped with eight RTX 4090 GPUs, the most powerful on the market today and very popular among gamers and creators, could go through all possible combinations of an 8-character password in just 48 minutes using brute force methods. For comparison, it would take about 3 hours and 20 minutes with eight RTX 3090 Ti GPUs.

User reactions to password hacking

Kevin Mitnick’s post sparked many positive comments from computer security experts, who praised the power and speed of his password hacking tool. Some even asked for technical details on how Hashtopolis works and what types of hashes it can crack.

For example, one comment said: “This is amazing! I would love to see how Hashtopolis works and what kind of hashes it can crack. Can you share some screenshots or videos of the tool in action?”

Another comment said: “Wow, this is impressive! I wonder how long it would take to crack a password with bcrypt or PBKDF2 using this tool. Do you have any benchmarks or comparisons?”

However, some negative comments from Internet users also expressed concerns about the environmental impact and privacy issues of password hacking.

For example, one comment said: “This is terrible! Do you realize how much electricity and heat this tool consumes? You are contributing to global warming and climate change with your irresponsible hacking. You should plant some trees or use renewable energy to offset your carbon footprint.”

Another comment said: “This is scary! How can we trust you with our passwords and data? You could hack into our accounts or steal our information without our consent. You are violating our privacy and security with your unethical hacking. You should respect the law and the rights of others.”

In conclusion

The new password hacking tool used by Mitnick Security Consulting is impressive in terms of power and speed. It can crack passwords at an astonishing rate, reaching 6.2 trillion per second for NTML. It uses Hashtopolis, an open source software that allows to distribute the password hacking work across multiple machines equipped with GPUs. It supports several types of hashes and methods to crack them.

However, the use of such a tool also raises concerns about energy and privacy. It consumes a considerable amount of electricity and generates heat, which can have a negative impact on the environment. It can also be used for malicious purposes, such as hacking online accounts or sensitive data, which can result in identity theft, industrial espionage or sabotage.

As Internet users, it is important to be aware of the risks associated with weak passwords and use secure methods to protect our online accounts. Some tips to do so are:

  • Use long and complex passwords that contain letters, numbers and symbols.
  • Use a password manager to store and generate secure passwords.
  • Use a random password generator or a secret phrase that is easy to remember but hard to guess.
  • Use multi-factor authentication that requires a code sent by SMS or email to access an account.

Password hacking is a practice that can have positive or negative consequences depending on how it is used. It is therefore necessary to be vigilant and adopt good practices to protect ourselves from hackers like Kevin Mitnick.

I hope this article has helped you understand how password hacking works and how to protect yourself from it. If you want to learn more about password hacking, you can check out these sources:

  • Cracking Passwords at 7.25 TRILLION Hashes per second?
  • How Secure Is My Password?
  • How To Create A Strong Password

Sources :

(1) hash – What is the specific reason to prefer bcrypt or PBKDF2 over …. https://security.stackexchange.com/questions/133239/what-is-the-specific-reason-to-prefer-bcrypt-or-pbkdf2-over-sha256-crypt-in-pass.

(2) Password Storage – OWASP Cheat Sheet Series. https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html.

(3) Do any security experts recommend bcrypt for password storage?. https://security.stackexchange.com/questions/4781/do-any-security-experts-recommend-bcrypt-for-password-storage.

(4) Password Hashing: PBKDF2 (using sha512 x 1000) vs Bcrypt. https://stackoverflow.com/questions/4433216/password-hashing-pbkdf2-using-sha512-x-1000-vs-bcrypt.