Attack Suggestion for Complex Passwords
#1
When passwords start becoming much more random and are much stronger, such as:

MyP@sswd!135#
2356@Test#This
FML@R0X!!234
JohnD#Emp123!

(I just made those up).

...it is difficult to identify patterns.  Thus, are there any good attack methods to consider?  These are more secure passwords and I am not coming up with any efficient attempts to make against them.  They often are not based exactly on words, thus I was struggling with applying dictionaries, but (obviously) anything brute-force is out of the question for that length.  Even longer masks (?d?d?d?d?s?u?u?u?s?d?l?l?l) would take to long.

I was curious if anyone has any ideas?
#2
combinator based attacks is the best approach
#3
(08-31-2016, 01:56 PM)atom Wrote: combinator based attacks is the best approach

thank you!
#4
If I have two wordlists that I want to use for a combinator based attack, but I also want to apply rules to one of the wordlists (let us say a leet ruleset). What is the best method to apply the rules of a rule-file to a wordlist; thus, creating a new and longer wordlist?

More to the point, similar the the hashcat-utils, what is the way of applying rules to a wordlist prior to actually running hashcat.
#5
You just answered yourself. The way to go is to use combinator.bin from hashcat-utils, pipe it to hashcat and apply the rules on there as amplifier, like this:

$ ./combinator.bin wordlist1 wordlist2 | ./hashcat whatever.hash -w 3 -r whatever.rule