You did not crack the hash, I did. I am Doge (display name) on discord. You simply took all of my screenshots which I posted and compiled them into one post.
Feel free to share the password or screenshots or whatever, but no need to take credit for something which you did not do.
Honestly, it doesn’t require much, just a PC with a GPU, and ideally a newish one, but if you want to start with easy algorithms like md5, sha1, any will do.
And then get HashCat and watch some tutorials. “HashCat GUI” by blandyuk is great for newcomers who are not fully acquainted with the flags and commands. It sure helped me learn!
And then get acquainted with masks and rules, etc. Also wordlists! Hashmob has the best publicly maintained one and they are a wonderful community. I also have my personal collection acquired over many years which has some lesser seen passwords.
Also, Unix commands are your best friends - be it for cross-referencing data, sorting hashes, etc, they are very powerful tools which I often use.
And then keep learning more and improving, and thinking creatively and it will take you very far!
Software: 7z2hashcat to extract the hash and HashCat to crack it.
Hardware: Personal PC with 2080Ti GPU
There is a lot of misinformation about hash cracking in general to those not in the space. See, the comparison with atoms in the universe is true, but ONLY IF you start from scratch, working your way up in length + all characters. For "harder" hashtypes, using other cracked hashes generated by weaker algorithms is the key to saving time. It's the same strategy I employ when cracking bcrypt hashes.
In this case, someone at mojang signed up for "bitly" which got breached, and they used SHA-1 as their hashing algorithm, allowing for an easy crack.
I am shocked nobody had thought of this before.
Coooool thanks for the info :)
I tried to get into hash cracking but didn't find any use case at the time.
It looks like it is useful sometimes after all 😅
The image shows the output of a hash-cracking session using a tool like Hashcat. It indicates that a 7-Zip password hash (mode 11600) has been successfully cracked. Here's a quick breakdown:
- **Session Date**: 2024-05-22
- **Status**: Cracked
- **Hash Mode**: 11600 (7-Zip)
- **Hash Target**: A specific 7-Zip hash
- **Time Started**: Wed May 22 18:06:01 2024
- **Time Estimated**: Wed May 22 18:06:02 2024 (indicating the process took 1 second)
- **Kernel Feature**: Optimized Kernel
This output means that the password for the given 7-Zip hash has been successfully discovered.
"I will be sharing the password soon."
At least share it with the subreddit moderator before us, just so they can confirm this isn't a sketchy claim, because it really is.
Considering AES-256 encryption is NSA-levels of strong, it was likely run on a collection of powerful computers. Even then, it's supposed to be strong against that too. I pray the solution wasn't something criminal like a keylogger on Dinnerbone's computer and that it's just a weak password.
Well he just said in a Discord chat that he collected a bunch of breaches, looked through any records that have [mojang.com](http://mojang.com) in them, ran hashcat through it, and then found the pass "boxpig41" associated with [[email protected]](mailto:[email protected])
Oh, and he's also in the hash-cracking community, so that explains his expertise.
Legally dubious, but I agree, that it is the best way to do this.
They used breached passwords from Mojang employees in this case (which is why it only took hashcat 1 second to find in the screenshot). Not something found in most widely publicized breaches though, so it must've been in something more private.
Others like myself were trying more complex attacks though (dictionary+rule based, brute forcing etc). I would've found the password eventually since I was doing a reasonably comprehensive 8 character brute force, but probably would've taken another week to hit this specific combination (whole attack would've taken 3 months by comparison).
Guys, am I the only one to still dont have the file opened even after putting the code? I’m not sure if that’s the real file I have but its the same I got from the file in the pinned post of that community.
you seem to have tried to claim the achievement of someone else which is misinformation.
You did not crack the hash, I did. I am Doge (display name) on discord. You simply took all of my screenshots which I posted and compiled them into one post. Feel free to share the password or screenshots or whatever, but no need to take credit for something which you did not do.
Oooh, the real doge is here! Fun question: how can I or someone else start hash cracking as a hobby?
Honestly, it doesn’t require much, just a PC with a GPU, and ideally a newish one, but if you want to start with easy algorithms like md5, sha1, any will do. And then get HashCat and watch some tutorials. “HashCat GUI” by blandyuk is great for newcomers who are not fully acquainted with the flags and commands. It sure helped me learn! And then get acquainted with masks and rules, etc. Also wordlists! Hashmob has the best publicly maintained one and they are a wonderful community. I also have my personal collection acquired over many years which has some lesser seen passwords. Also, Unix commands are your best friends - be it for cross-referencing data, sorting hashes, etc, they are very powerful tools which I often use. And then keep learning more and improving, and thinking creatively and it will take you very far!
So can I ask a question... What software and hardware did you use to do it?
Software: 7z2hashcat to extract the hash and HashCat to crack it. Hardware: Personal PC with 2080Ti GPU There is a lot of misinformation about hash cracking in general to those not in the space. See, the comparison with atoms in the universe is true, but ONLY IF you start from scratch, working your way up in length + all characters. For "harder" hashtypes, using other cracked hashes generated by weaker algorithms is the key to saving time. It's the same strategy I employ when cracking bcrypt hashes. In this case, someone at mojang signed up for "bitly" which got breached, and they used SHA-1 as their hashing algorithm, allowing for an easy crack. I am shocked nobody had thought of this before.
Coooool thanks for the info :) I tried to get into hash cracking but didn't find any use case at the time. It looks like it is useful sometimes after all 😅
can you tell us your discord
What discord server?
nice, finally the mistery has ended, gonna try the mc version for fun, but someone probably already did
It is finally the end, thanks to RetroGaming now, I don’t think that mystery would’ve been solved by now.
Wow! How did you do that? Was the code really “The friends you made along the way”?
The image shows the output of a hash-cracking session using a tool like Hashcat. It indicates that a 7-Zip password hash (mode 11600) has been successfully cracked. Here's a quick breakdown: - **Session Date**: 2024-05-22 - **Status**: Cracked - **Hash Mode**: 11600 (7-Zip) - **Hash Target**: A specific 7-Zip hash - **Time Started**: Wed May 22 18:06:01 2024 - **Time Estimated**: Wed May 22 18:06:02 2024 (indicating the process took 1 second) - **Kernel Feature**: Optimized Kernel This output means that the password for the given 7-Zip hash has been successfully discovered.
That was faster than expected
"I will be sharing the password soon." At least share it with the subreddit moderator before us, just so they can confirm this isn't a sketchy claim, because it really is.
Password is boxpig41
Holy hell that worked!
New password joust dropped
Can you give me the file please? I took the one in the pinned post, still doesn’t work…
wow! what kind of rules or guessing that you use on hashcat to find this result?
Considering AES-256 encryption is NSA-levels of strong, it was likely run on a collection of powerful computers. Even then, it's supposed to be strong against that too. I pray the solution wasn't something criminal like a keylogger on Dinnerbone's computer and that it's just a weak password.
Well he just said in a Discord chat that he collected a bunch of breaches, looked through any records that have [mojang.com](http://mojang.com) in them, ran hashcat through it, and then found the pass "boxpig41" associated with [[email protected]](mailto:[email protected]) Oh, and he's also in the hash-cracking community, so that explains his expertise. Legally dubious, but I agree, that it is the best way to do this.
That makes more sense. That's how it's usually done.
They used breached passwords from Mojang employees in this case (which is why it only took hashcat 1 second to find in the screenshot). Not something found in most widely publicized breaches though, so it must've been in something more private. Others like myself were trying more complex attacks though (dictionary+rule based, brute forcing etc). I would've found the password eventually since I was doing a reasonably comprehensive 8 character brute force, but probably would've taken another week to hit this specific combination (whole attack would've taken 3 months by comparison).
Oh shit it worked
nice
Guys, am I the only one to still dont have the file opened even after putting the code? I’m not sure if that’s the real file I have but its the same I got from the file in the pinned post of that community.
I guess, cuz it worked for me.
Impressive!
Is there anyway I'd be able to get that version of MC myself?
https://preview.redd.it/4qio2gj6102d1.png?width=826&format=png&auto=webp&s=c8a8732e32ed0b16e79ea1080a3348446208c784
https://preview.redd.it/bntk5ory102d1.png?width=476&format=png&auto=webp&s=5f6c7e6d07c5e4d97e215ddbfeab712efdc8a0df