Monday, August 27, 2018
Further password cracking - beyond dict + rules
This works quite well for me when I've exhausted the usual approaches.
Update: the OMEN runs have been finding most of the passwords. You have the slightly thorny problem of training it on "representative" data, but that is another blog post.
Get PACK: https://thesprawl.org/projects/pack/
You'll need aspell and its dictionaries installed too (apt install aspell-* on Debian); rulegen uses them to spot the dictionary word inside each password.
Get OMEN: https://github.com/RUB-SysSec/OMEN
Get prince: https://github.com/hashcat/princeprocessor
Working out rules and dict from passwords
Here the hashes from the dump are in n1 (NTLM, -m 1000) and the passwords we've already cracked are in /root/n3. Pull the raw plains out of the potfile with hashcat -m 1000 --show n1 | cut -d: -f2- > /root/n3. Two things to watch: --show prints hash:plain, so the field number shifts if you loaded the hashes with --username, and any plain that isn't printable ASCII (or contains the ':' separator) comes out as $HEX[...] and needs decoding before rulegen sees it.
rulegen.py -b n3 /root/n3
[ this generates n3.rule, n3.word ]
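The extraction step above is the one that bites in practice, because $HEX[...] plains fed straight into rulegen become junk base words. The following is an added example (not code from the original post, and not part of hashcat or PACK) that splits --show output and decodes hexified plains; it assumes the default hash:plain layout with no --username, and the sample lines are constructed, with placeholder digests in NTLM shape rather than real cracked hashes.

```python
#!/usr/bin/env python3
"""Turn `hashcat --show` output into a wordlist for PACK's rulegen.

Added example, not part of the original post or of hashcat. Assumes the
default `hash:plain` layout (no --username) and hashcat's $HEX[...] encoding
for plains that are not printable ASCII or that contain the separator.
"""
import binascii
import re

HEX_RE = re.compile(r"^\$HEX\[([0-9a-fA-F]*)\]$")

def split_show_line(line, sep=":"):
    """Return (hash, plaintext bytes) for one line of `hashcat --show` output.

    hashcat hexifies any plain that contains the separator, so the last
    separator on the line always ends the hash part, even for hash formats
    that themselves contain ':'. A hexified plain is decoded to raw bytes.
    """
    line = line.rstrip("\r\n")
    digest, found, plain = line.rpartition(sep)
    if not found:
        raise ValueError(f"no separator in line: {line!r}")
    m = HEX_RE.match(plain)
    if m:
        return digest, binascii.unhexlify(m.group(1))
    return digest, plain.encode("utf-8")

def plains_from_show(lines):
    """Extract the plaintext of every non-empty line, as bytes."""
    return [split_show_line(l)[1] for l in lines if l.strip()]

def write_wordlist(plains, path):
    """Write one plain per line as raw bytes, so nothing gets re-encoded."""
    with open(path, "wb") as fh:
        for p in plains:
            fh.write(p + b"\n")

# Constructed sample output, not real cracked hashes: the 32-hex-char digests
# are placeholders in NTLM shape, and the third line shows a plain that
# hashcat hexified because it contains a ':' and a non-ASCII character.
SAMPLE_SHOW = [
    "00000000000000000000000000000001:Summer2018!",
    "00000000000000000000000000000002:Pa55word",
    "00000000000000000000000000000003:$HEX[70617373776f72643ae282ac]",
    "",
]

if __name__ == "__main__":
    for p in plains_from_show(SAMPLE_SHOW):
        print(p.decode("utf-8", errors="replace"))
```

Run it against real output with plains_from_show(open("show.txt")) and write_wordlist(..., "/root/n3"); the decoded plain in the sample is "password:€", which cut -d: -f2 would have mangled either way.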
PRINCE - combinations of words
princeprocessor-0.22/pp64.exe < n3.word -l 100000 --pw-min=12 | head -100000 > n3.prince
[generates candidate passwords of length >= 12 by chaining words from n3.word; pp64 reads the wordlist on stdin, and -l (--limit) already stops after 100000 candidates, so the head is belt and braces]
hashcat64.exe -a0 -m 1000 n1 n3.prince -r n3.rule --loopback -O
[-O selects the optimized kernels, which cap the candidate length; hashcat prints the limit at startup, and longer PRINCE candidates are rejected rather than tried, so keep an eye on the Rejected counter in the status output]
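To see why --pw-min and the element count settings matter, here is a minimal PRINCE-style generator. This is an added example, not princeprocessor's code: it keeps pp64's ideas (elements bucketed by length, chains of lengths that sum to the target password length, chains with the smallest keyspace first) but is an approximation, not a faithful reimplementation, and the word list is constructed rather than taken from a real dump.

```python
#!/usr/bin/env python3
"""A minimal PRINCE-style chain generator, written to show what pp64 does with
the word list. Added example, not princeprocessor's code: same ideas
(elements bucketed by length, chains of lengths summing to the target
password length, cheapest chains first), but not a faithful reimplementation.
"""
from collections import defaultdict
from itertools import product

def load_elements(words):
    """Bucket unique, non-empty words by length (pp64's element tables)."""
    by_len = defaultdict(list)
    seen = set()
    for w in words:
        w = w.rstrip("\r\n")
        if w and w not in seen:
            seen.add(w)
            by_len[len(w)].append(w)
    return dict(by_len)

def length_chains(total, lengths, elem_min, elem_max):
    """Ordered tuples of element lengths that sum to `total`, using between
    elem_min and elem_max elements (pp64: --elem-cnt-min / --elem-cnt-max)."""
    chains = []
    def walk(remaining, chain):
        if remaining == 0:
            if elem_min <= len(chain) <= elem_max:
                chains.append(tuple(chain))
            return
        if len(chain) == elem_max:
            return
        for length in lengths:
            if length <= remaining:
                chain.append(length)
                walk(remaining - length, chain)
                chain.pop()
    walk(total, [])
    return chains

def chain_keyspace(chain, by_len):
    """Number of candidates one chain produces: product of its bucket sizes."""
    n = 1
    for length in chain:
        n *= len(by_len[length])
    return n

def keyspace(by_len, pw_min, pw_max, elem_min=1, elem_max=8):
    """Total candidates for the length window (analogous to pp64 --keyspace)."""
    lengths = sorted(by_len)
    return sum(chain_keyspace(c, by_len)
               for pw_len in range(pw_min, pw_max + 1)
               for c in length_chains(pw_len, lengths, elem_min, elem_max))

def prince(by_len, pw_min, pw_max, elem_min=1, elem_max=8, limit=None):
    """Yield candidates of length pw_min..pw_max, cheapest chains first,
    stopping after `limit` candidates (pp64's -l)."""
    lengths = sorted(by_len)
    emitted = 0
    for pw_len in range(pw_min, pw_max + 1):
        chains = length_chains(pw_len, lengths, elem_min, elem_max)
        chains.sort(key=lambda c: chain_keyspace(c, by_len))
        for chain in chains:
            for parts in product(*(by_len[length] for length in chain)):
                if limit is not None and emitted >= limit:
                    return
                yield "".join(parts)
                emitted += 1

# Constructed stand-in for n3.word: a handful of base words, not a real dump.
SAMPLE_WORDS = ["pass", "word", "123", "2018", "Summer", "!"]

if __name__ == "__main__":
    elems = load_elements(SAMPLE_WORDS)
    print("keyspace for 8..10 chars, up to 3 elements:", keyspace(elems, 8, 10, 1, 3))
    for cand in prince(elems, 8, 10, 1, 3, limit=15):
        print(cand)
```

With these six words, length 8 and at most two elements, the only chain is 4+4, giving nine candidates including "password" and "pass2018"; allowing three elements adds the 1+1+6 and 1+3+4 chains and the keyspace jumps to 30. That growth is the whole point of pinning --pw-min (and, on larger lists, --elem-cnt-max): the keyspace explodes long before the candidates stop looking like passwords.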
OMEN - probabilistic generation
[train the model on n3.word first: OMEN/createNG.exe --iPwdList n3.word, as in the OMEN README (check createNG --help for the option names in your build); this writes the level files that enumNG reads]
OMEN/enumNG.exe -m 100000 -p > n3.omen
[generate a list of candidate passwords]
hashcat64.exe -a0 -m 1000 n1 n3.omen -r n3.rule --loopback -O