400 Million NTLM Hashes

Analyzing the BreachCompilation database, my first goal was to count how many times each unique password showed up in the data.  As it turns out, there are approximately 400 Million unique passwords.  The top 1 Million most common passwords and how many times they showed up can be found on my project page in github: https://github.com/4ndronicus/credential-research

The next step was to build an NTLM hash list for each of the 400M unique passwords.  This will help in password strength audits on Windows systems and Active Directory domains.  In the past day or so, we’ve been able to generate hashes for about 20M of those passwords.  So, it looks like we have a few weeks ahead of us for generating all 400M.  We’re slowly but surely getting there.  Perhaps when that has completed, I can update the credential research project there in github so that security professionals might benefit from this effort.

Maybe while that’s all populating, I’ll have time to work on my Remote Access Tool.  So far, all it does is pull the running processes from the remote system.  It’s pretty much just a stubbed out beginning of a project.  I wanted to learn Windows Socket programming as well as how RATs work, so that’s where that project came from.  I feel that to really understand a technology, you don’t just download one and fire it up.  First, you have to create one of your own.  This gives you much more insight into how things work than just grabbing a random one.  Plus, if you have a particular thing you want to try out or test, you can quickly modify yours.  That way, you don’t have to try and find one that has that particular functionality.  This makes research go much faster, IMHO.  The RAT project is also hosted on github: https://github.com/4ndronicus/remote-access-tool

We’ll see where things go.  Stay tuned.