01-10-2012, 03:29 PM
(01-09-2012, 02:20 AM)Kgx Pnqvhm Wrote: For me, hash cracking is an entertainment, like a chess game.
Interesting stuff !
The fun is the art and science of making wordlists and rules.
The KoreLogic rules, along with Rick Redman's slide show explaining the ideas behind them, are a good starting point. I track how many mangles each produces, as a gauge to how long they take to run, so the quick rules can be run first, and the longer rules can be run later.
I have managed to make my lists very small now by removing the “elaborations” and using only base words. Now that hashcat’s rules are so comprehensive I am able to cover more ground with much less !
At first I made lists of mutilations by cutting the first and last characters from many password lists. I went 1, 2 and 3 deep at either end. When I removed the duplicates from these test rules I noticed that there are very few mutilations made to passwords. I am sure you are aware of the most common, 123, 007, 666 etc.
I am at the moment trying to make up to 15 toggle rules (without much luck so far) so I can modify more precisely. When or if I manage to make them I will of course share them here.
Another area you may be interested in is my next project, keyboard patterns. When people pad with qwerty or zxcvb etc. These are good prefix / suffix paddings around base words.
Nicknames are my next target, I want to try to collect as many user / nick names as possible as I believe some of them make good password candidates themselves.
If the table lookup attack can ever be made to work with hashcatplus then we have a massively powerful “leet” tool which will be fantastic when used with these base words.
Nice to know we have you scouting the internet looking for ideas for hashcat !