Monday, August 27, 2018

Further password cracking - beyond dict + rules


This works quite well for me when I've exhausted the usual approaches.

Update: the OMEN runs have been finding most passwords. You have the slightly thorny problem of training it on "representative" data, but that is another blog post.

Get PACK: https://thesprawl.org/projects/pack/

You'll need aspell and its dictionaries installed too (apt install aspell-* on Debian).

Get OMEN: https://github.com/RUB-SysSec/OMEN

Get prince: https://github.com/hashcat/princeprocessor

Working out rules and dict from passwords

Here, the passwords already cracked from the dump are in /root/n3. Use hashcat --show | cut -d ':' -f 2- > /root/n3 to extract the raw plaintexts (split on the first colon only, since a plaintext may itself contain a colon and -f 2 alone would truncate it).
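Before feeding the cracked plaintexts back into rulegen, it is worth checking what the hashcat --show file actually contains. As an added example (not code from the original post or from any of the tools above), here is a small Python parser that splits each -m 1000 line on the first colon only, since an NTLM hash is 32 hex characters with no colon while the plaintext may contain one, and reports the length distribution against a minimum-length policy. The sample lines and hashes are constructed, not real dump data.

```python
import re
from collections import Counter

# hashcat --show for -m 1000 prints "<32 hex NTLM hash>:<plaintext>".
# The hash part never contains ':' but the plaintext may, so match the
# hash explicitly and keep everything after the first colon.
_NTLM_SHOW_LINE = re.compile(r"^([0-9a-fA-F]{32}):(.*)$")


def parse_show_output(lines):
    """Return the plaintexts from hashcat --show lines; malformed lines are skipped."""
    plains = []
    for line in lines:
        m = _NTLM_SHOW_LINE.match(line.rstrip("\r\n"))
        if m:
            plains.append(m.group(2))
    return plains


def length_report(plains, min_len=12):
    """Histogram of recovered plaintext lengths plus the count under min_len.

    min_len=12 mirrors the --pw-min=12 threshold used for PRINCE below.
    """
    hist = Counter(len(p) for p in plains)
    below = sum(n for length, n in hist.items() if length < min_len)
    return {
        "total": len(plains),
        "below_min": below,
        "histogram": dict(sorted(hist.items())),
    }


# Constructed sample in hashcat --show format (placeholder hashes, not real ones).
SAMPLE = [
    "0123456789abcdef0123456789abcdef:password",
    "fedcba9876543210fedcba9876543210:Summer:2018!",  # colon inside the plaintext
    "00112233445566778899aabbccddeeff:correcthorsebattery",
    "not a hashcat --show line",
]

if __name__ == "__main__":
    recovered = parse_show_output(SAMPLE)
    print(length_report(recovered))
```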

rulegen.py -b n3 /root/n3

[this generates n3.rule and n3.word]

PRINCE - combinations of words

princeprocessor-0.22/pp64.exe < n3.word -l 100000 --pw-min=12 | head -100000 > n3.prince

[generates candidate passwords of length >= 12 by combining existing words]

hashcat64.exe -a0 -m 1000 n1 n3.prince -r n3.rule  --loopback  -O

OMEN - probabilistic generation

OMEN/createNG.exe --iPwdList=n3.word

[train our model on n3.word]

OMEN/enumNG.exe -m 100000 -p > n3.omen

[generate a list of candidate passwords]

hashcat64.exe -a0 -m 1000 n1 n3.omen -r n3.rule  --loopback  -O