Saturday, September 15, 2018

More on password cracking

Some more ideas for password cracking once you've already run dict+rules.

lastN or lastN-M (for example last3.txt or last1-4.txt) is a list of common suffixes taken from a breach compilation.

l33tXXX.rule are leetified rules - see perl script after the bash script:


# Follow-up passes against the hash list ../32hex.txt, run after the plain
# dict+rules pass. Each command is one independent run. From the arguments,
# -i appears to be the hash file, -t the hash type, -d a wordlist, -r a rule
# file and --mask a .hcmask mask file.
# NOTE(review): the wrapper script's name appears to be missing after `python3`
# on every line (probably lost when the post was extracted); as written,
# python3 would treat -i as its own option and try to run ../32hex.txt.
# NOTE(review): -e is presumably a second list combined with the -d words (see
# the "suffixes" group below) - confirm against the wrapper's own help.
# NOTE(review): `nb` is not defined on this page; going by the "previously
# found" group it is presumably the list of already-recovered passwords.
# Defender's reading: every pass depends on MD5 being cheap to compute, and the
# breach-derived wordlists and suffix lists model reused and "word + digits"
# passwords - the cases a slow salted password hash and breached-password
# screening are meant to cover.
# The wordlists under /root/dict are built from real breach data, so they
# should be access-controlled like any other credential material.

# no inc as we've done it already
# (--noinc presumably skips the wrapper's incremental pass - confirm)
python3 -i ../32hex.txt -t md5 --noinc -d /root/dict/Top32Million-probable.txt -r rules/nsav2dive.rule

python3 -i ../32hex.txt -t md5 --noinc -d /root/dict/Top95Thousand-probable.txt -r rules/l33test.rule

# troy hunt and other breaches..
python3 -i ../32hex.txt -t md5 --noinc -d /root/dict/breachcompilation.txt -r rules/nsav2dive.rule

# dumb stuff
# python3 -i ../32hex.txt -t md5 --noinc --mask maskfiles/default.hcmask

python3 -i ../32hex.txt -t md5 -d nb --noinc -e /root/dict/last1-4.txt

python3 -i ../32hex.txt -t md5 --noinc -d /root/dict/ucth.txt -r rules/nsav2dive.rule

python3 -i ../32hex.txt -t md5 --noinc -d /root/dict/Top2Billion_probable.txt -r rules/l33t64.rule

# NOTE(review): this is the only run in the list without --noinc - confirm
# whether that is intentional.
python3 -i ../32hex.txt -t md5 -d /root/dict/first1-4.txt -e nb

# suffixes...
python3 -i ../32hex.txt -t md5 --noinc -d /root/dict/Top95Thousand-probable.txt -e /root/dict/last1-4.txt

# python3 -i ../32hex.txt -t md5 --noinc -d /root/dict/Top32Million-probable.txt -e /root/dict/last3.txt

# python3 -i ../32hex.txt -t md5 --noinc -d /root/dict/Top32Million-probable.txt -e /root/dict/last4.txt

# previously found and phrases
python3 -i ../32hex.txt -t md5 -d nb --noinc -r rules/l33test.rule

python3 -i ../32hex.txt -t md5 --noinc --mask maskfiles/hashcat.hcmask

python3 -i ../32hex.txt -t md5 -d /root/dict/Top2Billion_probable.txt -r rules/best64.rule  --noinc

python3 -i ../32hex.txt -t md5 -d /root/dict/Top2Billion_probable.txt -r hashcat-4.0.1/rules/InsidePro-PasswordsPro.rule  --noinc

python3 -i ../32hex.txt -t md5 -d /root/dict/crackstation.txt --noinc

python3 -i ../32hex.txt -t md5 --noinc -d /root/dict/Top258Million-probable.txt -e /root/dict/last3.txt

# PACK - password policy mask
# python3 -i ../32hex.txt -t md5 --noinc --mask maskfiles/ntlm.hcmask

python3 -i ../32hex.txt -t md5 -d /root/dict/Top2Billion_probable.txt -r rules/nsav2dive.rule  --noinc

The Perl script, which takes an existing rules file and leetifies it:


# leetifies existing rules


# Filter over a rules file: reads one rule per line from STDIN.
# NOTE(review): the listing is truncated on this page - the code that builds
# the leetified rule and the closing braces are not shown.
while ($line=<STDIN>) {
    # With the default record separator the second chomp is a no-op; neither
    # call removes a carriage return, so CRLF input keeps a trailing \r.
    chomp($line);    chomp($line);

    # Process only lines that contain non-whitespace and do not start with '#'.
    if ($line=~m/\S/ && $line!~m/^#/) { 
        # Skip rules that already contain 's' followed by one of o/a/e/i/s
        # (either case), i.e. rules that look like they already substitute
        # one of those characters.
        if ($line!~m/s[oOaAeEiIsS]/) {
            # don't do repeat substitutions
            # NOTE(review): $a is never assigned in the visible code; the
            # lines that set it appear to be missing from the page.
            print $a;

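# usage - the source rules may need converting with dos2unix first (the script strips only the trailing newline, so CRLF files would keep a carriage return on every rule)
# NOTE: the script's filename after `rules/` is missing from the commands below; awk '!x[$0]++' drops duplicate rules while keeping their order.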

# perl rules/ < rules/nsav2dive.rule | awk '!x[$0]++' > l33tnsa.rule

# perl rules/ < d3adhob0.rule.txt | awk '!x[$0]++' > deadleethobo.rule

# perl rules/ < rules/InsidePro-PasswordsPro.rule | awk '!x[$0]++' > l33tpasspro.rule

# cat rules/nsav2dive.rule d3adhob0.rule.txt |  perl rules/ | awk '!x[$0]++' > l33test.rule

# perl rules/ < rules/best64.rule | awk '!x[$0]++' > l33t64.rule

# etc.