I've got an old datacenter KVM with a root password I've been unable to crack, even though it's an ancient DES one.
Does anyone have a good cloud-hosted password cracker? I can't seem to brute force it, no matter how long I let John the ripper run.
raphman 4 hours ago [-]
Thanks for sharing. This looks interesting. Impressive achievement.
This book is currently not really relevant for me, so I just skimmed the samples on Amazon.
I found the technical content to be reasonably accurate and interesting although sometimes a little bit verbose (e.g., the section about 'what is a password') or slightly imprecise. In general, I think this book might have benefited from a thorough copyediting pass. There are quite a few grammar errors and unpolished sentences in the book, e.g.:
> The reason why Linux is imperative is that well, for one, most of the tools we will use, while indeed have builds for other systems, like Windows, in this book we will work with Linux.
Wishing you success and keep on writing!
dugidugout 1 hours ago [-]
What did you find slightly imprecise?
jfarina 13 minutes ago [-]
It's awkwardly phrased and doesn't really say what it intends to (though, the meaning is obvious after reading it a second or third time).
As for it being imprecise, it doesn't talk about any specific software that has any compatibility issues. It dismisses the topic out of hand.
ViAchKoN 12 minutes ago [-]
Nice job!
It is a massive achievement to publish a book let alone to be start a career so early at age!
Now need to find time read the book. It seems it be quite interesting.
eigenrick 2 hours ago [-]
This is an amazing achievement for someone of any age, but to publish a book with this much research at 18 is phenomenal. I heartily congratulate you.
I've hopped through the book and it seems carefully laid out and organized. I may come back at you with questions once I've read further. Cheers.
aqsa_sajjad 27 minutes ago [-]
This is a really impressive project, especially starting at 14. The point about there being no single comprehensive resource rings true, I've tried to learn about password security before and always ended up jumping between five different tabs just to understand one concept.
amelius 10 minutes ago [-]
Ok, so what should we use instead of passwords?
giuscri 8 minutes ago [-]
passkeys are the obvious answer, but not sure
gabrielsroka 4 hours ago [-]
Great job. The book is 427 pages.
Why not put the video on YouTube?
bradgranath 1 hours ago [-]
Are you drunk? He’s lucky Google and Amazon haven’t noticed yet. If he wants to keep access to his accounts he should pull them down immediately and distribute via torrent.
isityettime 1 hours ago [-]
Why? Don't they both sell other books on cracking and pentesting and whatever? There are tons of videos on YouTube about hashcat and aircrack-ng and rainbow tables and blah blah blah.
You think this stuff is some kind of secret or illicit knowledge?
The video is just less than half a minute of him flipping through some pages in the book anyway.
Tamklomo 48 minutes ago [-]
Because of a Hashcat tutorial book and video?
Even Claude will help you setup hashcat and co without complaining?
andai 4 hours ago [-]
Congratulations! The book looks great.
I would love to hear more about the process of writing and preparing it for publishing. It's self-published? How did you do the typesetting and the diagrams?
TeaVMFan 1 hours ago [-]
I too would be interested in hearing about the writing and formatting process. I described my own process as a software engineer and first-time novelist here:
https://frequal.com/forwriters/
sijmen 4 hours ago [-]
Congratulate on finishing such a big project on a complicated topic, and putting in all this effort so that others can learn as well. I enjoyed reading the first few pages on Amazon
Footprint0521 2 hours ago [-]
The video url is down? This sounds super interesting!
nilirl 1 hours ago [-]
I love the book cover! Great job, Bojta.
kelsey98765431 3 hours ago [-]
can you discuss your coverage of password mask attacks, specifically is there any advances since EBM
Many early vaults had an insufficient number of rounds, and though the new account default was upgraded over time, the old vaults never were. So longer time customers were very exposed by this breach. Most impactfully by the incompetence they demonstrated by not upgrading vaults.
latchkey 1 hours ago [-]
when i was running 150k amd gpus... i really wanted to use the cluster to run hashcat to help people recover lost things. i couldn't convince management that that was a profitable business to run.
dantillberg 45 minutes ago [-]
> help people recover lost things
You mean "lost things" in quotes. Management may have been more concerned about jail time.
Tamklomo 44 minutes ago [-]
Plenty of valid reasons to recover lost things and not just 'lost things'.
latchkey 40 minutes ago [-]
Yes that was what i was implying.
saberience 2 hours ago [-]
There’s a reason there are no books about this, because most people are not interested in cracking local/offline passwords.
In fact, the people most interested in password cracking are usually criminals.
But good luck with the book. It’s just not a hugely in demand topic.
virtualritz 41 minutes ago [-]
When I lived in Adelaide, Australia 2006 or 2007, flexible-neck LED lamps that you plugged into an USB port to have light on your keyboard (backlit keyboards were not the norm on laptops) were a novelty item.
People simply didn't /know/ about them/that they existed at all.
I went to a computer/electronics shop in town and asked for them.
The guy told me: "We don't stock them because people don't ask for them."
Tamklomo 44 minutes ago [-]
The reason is, that using hashcat is not complicated for people who have linux experience and the amount of people wanting to crack a password is probably not that high.
Otherwise you do find plenty of people on YT walking you through hashcat. The first YT Video alone has 7 Million views: "how to HACK a password // password cracking with Kali Linux and HashCat"
I wish him luck, great drive to do this, i hope it works out well enough, books are just in general not easy to sell.
papascrubs 55 minutes ago [-]
Uh, what?
I'd say that this is a bit relevant to the entire field of cyber security and a good chunk of development roles. If you're not concerned about how password hashing (which is a key component of understanding cracking) works as developer-- I'm not sure what to say. While not all of the in-depth research is probably needed. It's definitely relevant to many technical fields. I work in offensive security and we use tools like this daily in our industry. And no we are not cyber criminals.
Rendered at 19:37:16 GMT+0000 (Coordinated Universal Time) with Vercel.
Does anyone have a good cloud-hosted password cracker? I can't seem to brute force it, no matter how long I let John the ripper run.
This book is currently not really relevant for me, so I just skimmed the samples on Amazon. I found the technical content to be reasonably accurate and interesting although sometimes a little bit verbose (e.g., the section about 'what is a password') or slightly imprecise. In general, I think this book might have benefited from a thorough copyediting pass. There are quite a few grammar errors and unpolished sentences in the book, e.g.:
> The reason why Linux is imperative is that well, for one, most of the tools we will use, while indeed have builds for other systems, like Windows, in this book we will work with Linux.
Wishing you success and keep on writing!
As for it being imprecise, it doesn't talk about any specific software that has any compatibility issues. It dismisses the topic out of hand.
I've hopped through the book and it seems carefully laid out and organized. I may come back at you with questions once I've read further. Cheers.
Why not put the video on YouTube?
You think this stuff is some kind of secret or illicit knowledge?
The video is just less than half a minute of him flipping through some pages in the book anyway.
Even Claude will help you setup hashcat and co without complaining?
I would love to hear more about the process of writing and preparing it for publishing. It's self-published? How did you do the typesetting and the diagrams?
probably a lot of ppl lost crypto this way.
Wikipedia states that there were some field unencrypted, sure, but not the critical data.
More people probably lost crypto by forgetting their passwords like a friend of mine. 10k gone
https://en.wikipedia.org/wiki/2022_LastPass_data_breach#Impa...
Many early vaults had an insufficient number of rounds, and though the new account default was upgraded over time, the old vaults never were. So longer time customers were very exposed by this breach. Most impactfully by the incompetence they demonstrated by not upgrading vaults.
You mean "lost things" in quotes. Management may have been more concerned about jail time.
In fact, the people most interested in password cracking are usually criminals.
But good luck with the book. It’s just not a hugely in demand topic.
People simply didn't /know/ about them/that they existed at all.
I went to a computer/electronics shop in town and asked for them.
The guy told me: "We don't stock them because people don't ask for them."
Otherwise you do find plenty of people on YT walking you through hashcat. The first YT Video alone has 7 Million views: "how to HACK a password // password cracking with Kali Linux and HashCat"
I wish him luck, great drive to do this, i hope it works out well enough, books are just in general not easy to sell.
I'd say that this is a bit relevant to the entire field of cyber security and a good chunk of development roles. If you're not concerned about how password hashing (which is a key component of understanding cracking) works as developer-- I'm not sure what to say. While not all of the in-depth research is probably needed. It's definitely relevant to many technical fields. I work in offensive security and we use tools like this daily in our industry. And no we are not cyber criminals.