+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Misc (https://hashcat.net/forum/forum-15.html)
+--- Forum: General Talk (https://hashcat.net/forum/forum-33.html)
+--- Thread: Dealing with longer NTLM passwords (/thread-12139.html)
Dealing with longer NTLM passwords - jinksy - 09-01-2024
Hi,
I've been running an internal password audit against our active directory users. Over the years and password policy revisions naturally the complexity has increased, how is everyone dealing with it? Larger dictionary files, more rules or masks?
I'm still finding password containing 123 however nowhere near as many as I used to, going from 70% recovery rate to less that 5%.
Does anyone have any specifics tips or tricks please.
RE: Dealing with longer NTLM passwords - penguinkeeper - 09-01-2024
Combinators and stacking multiple rules at once, are quite nice for cracking longer passes but yeah, there's only so much you can do