10-02-2017, 05:50 PM
Thanks atom for the reply!
I agree that prince is strong! I'm curious if you have advice for users of it? Aka if you are a new user, grab wordlist A, add B to it, and then run prince with the following command.
Also what advice would you give for more advanced users? Aka "use a previous list of cracked passwords, but then do C"
As I mentioned, my end goal is to write a guide on Prince so specific examples or tips are really appreciated!
(10-01-2017, 11:36 AM)atom Wrote: But it's not perfect. If there's a way to add in some prioritization (princeprocessor 2) that would make it perfect. That is that some words are kind of more likely than others.
So my initial reaction to that was, "Hey that sounds like a PCFG!" ;p All kidding aside, it really could be done with a PCFG. The grammar itself would be pretty simple, just 1 letter, 2 letter, 3 letter, ... N letter words as the variables, and having the initial base grammar be combining them. That way you could assign probabilities to individual words as well as password guess length. The hardest part would be figuring out how to do the training, (aka how to assign probabilities to words).
Of course, my current PCFG implementation is slow so I don't think I'd actually recommend that.
My gut says a better option would be to modify the princeprocessor (PP) to have multiple elements for the same word length. Aka there could be one element grouping of high probability guesses ['com', 'edu', 'idk', 'cat'], and another lower probability ['mat', 'zeb', 'rat', ...]. Right now my understanding is that PP orders its guesses by keyspace. We might be able to get away without having to modify the keyspace by some weight to reflect the higher probability of words simply because the "high probability" element grouping might naturally be smaller than the "low probability" element grouping. If that's a concern though a weight could be applied.
A harder question would be training. Aka how do we figure out what's a high probability word vs a low probability one? My first guess is to have a dedicated training phase, (so people don't have to train again every time they run PP2). What the training phase looks like would depend on if you wanted to only use a list of previously cracked passwords and create your PP2 input dictionaries from it directly or if you want to evaluate an existing input dictionary against a set of cracked passwords. The output would be a set of sub dictionaries to use in PP2. That way if you wanted to, you could feed PP2 different dictionaries by hand if you don't want to use the training program. That's an important feature since I'm always finding myself wanting to use a target specific wordlist, (aka make 'KoreLogic' and rock star names high probability for the next CMIYC ;p)
I don't know if any of the above made any sense or if you are interested. If you want we could move prince processor 2 discussions to a different thread or I could hop on IRC sometime.
Thanks again!
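To make the "princeprocessor 2" sketch in the post above concrete, here is a small added example (written for this page; it is not the poster's code and not hashcat's princeprocessor). It implements the two pieces the post describes: a dedicated training phase that scores an existing input dictionary against a set of cracked passwords and splits every word length into a "high" and a "low" element grouping, and a PRINCE-style chain enumerator that orders chains by keyspace, with an optional weight on low-tier elements. The scoring rule (count of cracked passwords containing the word as a substring), the `min_hits` threshold, the `low_weight` factor and the sample dictionary and cracked list are all assumptions constructed for the example.

```python
"""Toy sketch of tiered PRINCE elements: train high/low tiers per word length
from cracked passwords, then emit chains smallest (weighted) keyspace first.
Added example for illustration; not princeprocessor's own implementation."""
from collections import defaultdict
from itertools import product

# Constructed sample data for the example (not real cracked passwords).
DICTIONARY = ["cat", "com", "idk", "edu", "mat", "rat", "zeb", "dog", "1", "12"]
CRACKED = ["catcom", "idkcat", "cat12", "comcat", "edu1", "rat1", "zebcat", "idk12"]


def train_tiers(dictionary, cracked, min_hits=2):
    """Dedicated training phase: score each dictionary word by how many cracked
    passwords contain it as a substring, then split every length bucket into a
    'high' tier (score >= min_hits) and a 'low' tier.  The scoring rule and the
    threshold are assumptions chosen for this example."""
    score = {w: sum(1 for p in cracked if w in p) for w in dictionary}
    by_len = defaultdict(list)
    for w in dictionary:
        by_len[len(w)].append(w)
    tiers = {}
    for n, words in by_len.items():
        words.sort(key=lambda w: (-score[w], w))  # most frequent first
        tiers[n] = {"high": [w for w in words if score[w] >= min_hits],
                    "low": [w for w in words if score[w] < min_hits]}
    return tiers


def element_sets(tiers):
    """Map (length, tier) -> word list for every non-empty tier.  Each entry is
    one PRINCE element grouping; two groupings may share the same length."""
    return {(n, t): ws for n, d in tiers.items() for t, ws in d.items() if ws}


def chains(elements, target_len, max_elems):
    """All ordered sequences of element keys whose lengths sum to target_len."""
    found = []

    def rec(prefix, remaining):
        if remaining == 0:
            found.append(tuple(prefix))
            return
        if len(prefix) == max_elems:
            return
        for key in elements:
            if key[0] <= remaining:
                rec(prefix + [key], remaining - key[0])

    rec([], target_len)
    return found


def chain_keyspace(chain, elements, low_weight=1.0):
    """Keyspace of a chain = product of its element sizes.  low_weight > 1
    inflates the cost of every low-tier element so that chain sorts later."""
    ks = 1.0
    for key in chain:
        ks *= len(elements[key]) * (low_weight if key[1] == "low" else 1.0)
    return ks


def generate(tiers, pw_min, pw_max, low_weight=1.0, max_elems=2):
    """Yield candidates chain by chain, smallest (weighted) keyspace first,
    mirroring PRINCE's keyspace ordering over the requested length range."""
    elements = element_sets(tiers)
    all_chains = [c for n in range(pw_min, pw_max + 1)
                  for c in chains(elements, n, max_elems)]
    all_chains.sort(key=lambda c: (chain_keyspace(c, elements, low_weight), c))
    for chain in all_chains:
        for combo in product(*(elements[k] for k in chain)):
            yield "".join(combo)


if __name__ == "__main__":
    tiers = train_tiers(DICTIONARY, CRACKED)
    print(tiers)
    unweighted = list(generate(tiers, 4, 6))
    weighted = list(generate(tiers, 4, 6, low_weight=2.0))
    # Without a weight, the 5-word low tier chained with a 1-word element
    # (keyspace 5) is tried before high+high 3-letter chains (keyspace 9);
    # a weight of 2 flips that order without changing the candidate set.
    print("unweighted:", unweighted.index("edu1"), unweighted.index("catcat"))
    print("weighted  :", weighted.index("edu1"), weighted.index("catcat"))
```

With the constructed data the high tier for length 3 is naturally smaller than the low tier (3 words vs 5), so the post's observation holds: high-tier chains sort earlier with no weight at all. The weight only matters when a low-tier chain's raw keyspace is smaller than a competing all-high chain, which the `__main__` block shows by comparing the positions of `edu1` and `catcat`. A real training phase would score with something better than substring counts (for example, tokenising cracked passwords into dictionary words first) and write each tier out as a separate input file, which is the "hand-feedable sub dictionaries" output the post asks for.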