+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Attack Suggestion for Complex Passwords (/thread-5813.html)
Attack Suggestion for Complex Passwords - msf004 - 08-30-2016
When passwords start becoming much more random and are much stronger, such as:
MyP@sswd!135#
2356@Test#This
FML@R0X!!234
JohnD#Emp123!
(I just made those up).
...it is difficult to identify patterns. Thus, are there any good attack methods to consider? These are more secure passwords and I am not coming up with any efficient attempts to make against them. They often are not based exactly on words, thus I was struggling with applying dictionaries, but (obviously) anything brute-force is out of the question for that length. Even longer masks (?d?d?d?d?s?u?u?u?s?d?l?l?l) would take to long.
I was curious if anyone has any ideas?
RE: Attack Suggestion for Complex Passwords - atom - 08-31-2016
combinator based attacks is the best approach
RE: Attack Suggestion for Complex Passwords - msf004 - 08-31-2016
(08-31-2016, 01:56 PM)atom Wrote: combinator based attacks is the best approach
thank you!
RE: Attack Suggestion for Complex Passwords - msf004 - 09-01-2016
If I have two wordlists that I want to use for a combinator based attack, but I also want to apply rules to one of the wordlists (let us say a leet ruleset). What is the best method to apply the rules of a rule-file to a wordlist; thus, creating a new and longer wordlist?
More to the point, similar the the hashcat-utils, what is the way of applying rules to a wordlist prior to actually running hashcat.
RE: Attack Suggestion for Complex Passwords - atom - 09-01-2016
You just answered yourself. The way to go is to use combinator.bin from hashcat-utils, pipe it to hashcat and apply the rules on there as amplifier, like this:
$ ./combinator.bin wordlist1 wordlist2 | ./hashcat whatever.hash -w 3 -r whatever.rule