06-26-2014, 01:14 PM
Too many questions. I will answer some of them; maybe a different person will answer some of the other ones.
> when you get stuck, how do you move on?
Different ways: append + prepend stacked rules, Hybrid, Random-Rules, again Random-Rules, Morph, table attack stdin; when nothing helps, BF.
> I have found several "wordlists" that are full of random chars, are they useful or not?
They are gold if they are real passwords. There is a good chance the user will reuse it (unless it came out of a password manager, but we don't know that).
> Isn't that the same output that you could get from a masked/bruteforce attack?
Yeah, the difference is a much higher chance.
> How do you deal with found passwords?
I'm about to write an article on this topic for a new security magazine. Once it's released I will post the info.