(08-03-2018, 12:10 PM) eriden Wrote:
Hi,
I want to create a good dictionary as part of pen testing that attempts to crack NTLM hashes that are minimum 16 characters in length and with password complexity requirements. Do any of you have experience pen testing passwords of such a length? Any ideas on how I should proceed?
My initial thought was that people using passwords of 16+ characters in length would mostly use pass phrases (i.e. "I love my two dogs!"). So perhaps combining words in a common wordlist would be a way to go? Right now I have created a list of approx 650k+ words, names, dates etc. Would combining these be a way to go? If so, how? I see that there are several Python/Ruby scripts for this purpose... but I feel like I should have some kind of rules and not just combine words randomly.
I have also tried using the CrackStation wordlist and running it through a filter that requires 16+ chars and password complexity - which resulted in the size going from 15 GB to 38 MB...
Any tips? I have little experience with password cracking, so any guidance will be highly appreciated!
Did you try OMEN or PassGAN (https://github.com/brannondorsey/PassGAN)?
You could train it and then use it to generate passwords with your specifics and feed it into Hashcat.
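The passphrase hypothesis from the quoted post, checked from the defender's side at password-set time (an added example, not code from anyone in this thread): it flags passwords that satisfy a 16+ character complexity policy yet reduce to a plain combination of wordlist words. The 3-of-4 character-class rule, the function names and the tiny wordlist are assumptions made for illustration.

```python
import re

# Constructed sample wordlist; a real audit would load the organisation's own list.
WORDS = {"i", "love", "my", "two", "dogs", "summer", "correct", "horse"}

def meets_policy(pw, min_len=16):
    """Assumed policy: min_len+ chars and at least 3 of 4 character classes.
    Spaces and punctuation both count as the 'special' class here."""
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    return len(pw) >= min_len and sum(bool(re.search(c, pw)) for c in classes) >= 3

def split_into_words(text, words):
    """Segment text into the fewest wordlist words (dynamic programming), or None."""
    best = [None] * (len(text) + 1)   # best[i] = shortest word list covering text[:i]
    best[0] = []
    longest = max(map(len, words))
    for end in range(1, len(text) + 1):
        for start in range(max(0, end - longest), end):
            piece = text[start:end]
            if best[start] is not None and piece in words:
                cand = best[start] + [piece]
                if best[end] is None or len(cand) < len(best[end]):
                    best[end] = cand
    return best[len(text)]

def audit(pw, words=WORDS):
    """Classify a candidate password against policy and the wordlist."""
    if not meets_policy(pw):
        return "rejected: fails length/complexity policy"
    letters = re.sub(r"[^a-z]", "", pw.lower())   # drop digits, spaces, punctuation
    parts = split_into_words(letters, words) if letters else None
    if parts:
        return "weak: policy-compliant but built from wordlist words " + "+".join(parts)
    return "ok: not a pure wordlist combination"

if __name__ == "__main__":
    for candidate in ["I love my two dogs!", "short1!", "kT9#vQ2m!xR7pLw4z"]:
        print(repr(candidate), "->", audit(candidate))
```

The first candidate passes the length and complexity policy and is still reported as weak, which is the gap a length-plus-complexity rule alone leaves open.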