06-08-2010, 05:05 AM
(This post was last modified: 06-08-2010, 05:06 AM by mastercracker.)
(06-07-2010, 11:29 PM)thorsheim Wrote: Let me explain a bit more. I do password analysis, primarily of Windows LM/NTLM hashes. dictionary/hybrid/RT/bruteforce, you name it.Part of the answer is that you have up to 4 masks you can use so the attack would look like this:
I've got some personal tools to do the analysis, one gives me this output (for NTLM passwords):
Rank Pos 1 Count 1 Pos 2 Count 2 Pos 3 Count 3
1 B 2706 r 3214 u 2668
2 A 977 a 2193 r 1554
3 T 712 e 1646 n 1463
4 M 709 o 1440 l 1161
5 S 659 i 1103 s 867
6 O 517 u 743 e 851
7 E 495 n 519 a 775
8 a 453 l 487 i 672
9 s 449 p 392 t 592
10 t 403 t 375 m 535
Read the columns; First character position, uppercase B is the most popular character, uppercase A the second most character etc. Second character position: lowercase r is the most common, than lowercase a, e, o, i etc.
In environments where complexity requirements are present, there's a 40-50% chance the most popular password format is UL....LLDD (4-6 lowercases in the middle there).
Som my feature request would be a config file, (UTF-8?), where i can either vertically or horizontally list the characters i want to test in every position:
Horizontal config:
BATMSOE
raeoiun
urnlsea
would test Bru...Ena
Best regards,
thorsheim
Code:
oclHashcat.exe example.hash -1 BATMSOE -2 raeoiun -3 urnlsea ?1?2?3?l ?l?d?d