01-19-2022, 03:43 PM
(01-19-2022, 02:35 PM)firefullplank Wrote: One option i thought off is to gen a password for each entry in the mask file and pass that to PACK but it also takes into consideration the frequency of the specific type of password so I am not sure how effective that would be.
well this would result in the same mask, so no, this is not effective at all
to generate a statistic you will need a starting point and therefore at least one wordlist with "real world passwords"
this is the shortened output by pack for a "real word pw list" i found while examining a spam-server used by a german "hacker", i also tried this list (plus best64.rule) against a leaked database dump for a german forum and i was able to instant crack round about 25% of the used passwords
Code:
[*]Length:
[+] 8: 30% (148307)
[+] 6: 29% (142581)
[+] 7: 19% (91284)
[*]Advanced Masks:
[+] ?l?l?l?l?l?l: 12% (58189)
[+] ?l?l?l?l?l?l?l?l: 11% (53264)
[+] ?d?d?d?d?d?d: 09% (42067)
[+] ?l?l?l?l?l?l?l: 08% (40902)
[+] ?d?d?d?d?d?d?d?d: 06% (31394)
snip till first mask with upper occurs
[+] ?u?l?l?l?l?l: 01% (2949)
[+] ?l?l?l?l?l?l?l?l?l?l?l: 01% (2836)
[+] ?l?l?l?l?l?l?l?d?d: 01% (2699)
[+] ?l?l?l?d?d?d?d: 01% (2648)
[+] ?u?u?u?u?u?u: 01% (2602)
[+] ?l?l?l?l?l?d?d?d?d: 01% (2515)as you can see, most passwords are really really simple, but as i mentioned, to get these statistic, you will need a passwordlist to start with