11-16-2011, 06:20 AM
I need some help creating a rule that modifies a wordlist. My wordlist contains Zmazone0..Zmazone9 (that's sufficient to resolve the password problem, e.g. Zmazone9, according to the stricter 4-rule password conditions:
1. Must be at least 8 chars long, and
2. contain at least 1 lower case char, and
3. contain at least 1 upper case char, and
4. contain at least 1 digit.
)
How can I add a rule that dynamically turns a just tested code into
scenario 0:
Even though I call a rules file, first of all the program should just test the basic codes in the wordlist of 8-permutations.
Only if the password is not found, then apply the next possible scenarios.
scenario 1:
Some routers require that it must contain at least one upper case letter, but do not need a digit.
Zmazone0..9 into Zmazonea..Zmazonez (when one digit is found at the end, cut the digit at the end and permutate it with a..z; if it does not catch the password, then go to the next code)
scenario 2:
Some routers still allow all chars in lower case, so the password turns into zmazonez. Here I need a rule that, when it comes to code ZmazoneZ, also modifies it to lower case, to amazonez, and tests it. It is clear that it takes 2 times longer to run with this conversion rule, but perhaps it comes to crack the password quicker than running tests on two wordlists: one with the stricter 4-rule conditions, then one 8 chars long but all lower case alphabet. Remember the to-be-cracked code starts with a z, ends with z.
scenario 3:
I have guessed the pattern Zmazone9 used by one admin, but another naughty admin was cautious about the speed of bruteforce, so he/she uses Zmazone91234567890, ah, that is a naughty 15 chars long! So is there any rule or method to stay with testing a normal 8-permutation, and if not found then apply a dynamic rule to cover an extended permutation, e.g. here Zmazone9+"1234567890"? Without running into the problem of how to, and how long, a bruteforce on a 15-char-length permutation wordlist will take, or how many years it would take to run from A until reaching the start-with-z or Z code of a 15-space-
scenario 4:
Just when the problem with "Zmazone9" is solved, the next day an over-cautious admin comes along and changes the code into this: Zmazone91234567890Zmazone91234567890. Simple to remember, and naughtily asks: Can you also hack this? I won't ask do you have an idea how to hack this without running an educated guess on 8, then 9, .., then 10, then 15-character-permutation wordlist, then 16-character-permutation wordlist, then oops, is it not a 30-char-long permutation???