08-23-2016, 08:56 PM
(08-23-2016, 08:48 PM)royce Wrote: It sounds like you've discovered a number of options from your research. What are they? What criteria have you considered for prioritizing them?
That is a great question, Royce.
First, I have found many wordlists from posts and online, such as: english words, 1337, casemutation, first names, last names, as well as others.
I have read many opinions that say long word lists are not as important as applying rules to smaller, great word lists.
Thus my initial notes were:
(1) try a straight against the popular passwords file: -a 0
(2) try a wordlist with brute-force: -a 6 example.dict ?d?d?d?d
(3) try wordlists with rules: -r <rules file> <hashes> <dictionary>
On #3, I mostly have rules files that came with hashcat.
When I apply all of this, being I have ~10 wordlists as well as >10 rules files. Suddenly I have many dozens of different attacks to try - which is good; however, I think this is also my reason for the post.
Thus, I was hoping someone may have some opinions/views/knowledge on attack methods that may be better for my password rules that I know.