Minimum investment on a descent rig for 16+ character NTLM passwords
#10
(Sorry if this post is about to go off topic- but now I'm curious!)

(05-08-2018, 11:02 PM)mrfancypants Wrote: ... I can probably get 2 out of every 3 passwords in the list in a couple of hours, using dictionaries, masks and rules. 

Wait- how? Just to make sure- a dictionary is a list of password possibilities ("MyPa55w0rd", etc...), a mask is just "piecewise brute force" ("MyPa55w0rd?d" where ?d means "replace w/ every number"), and a rule is just "character targeted brute force" ("MyPa55w0rd", but try replacing every "a" with "4", "P" with "p", etc...)?

So, you're saying you're confident that this combination (your dictionary, your masks, and your rules) casts a wide enough net (and your hardware runs through them fast enough) as to catch a majority of real-world passwords- right? To be clear- you're not claiming any workaround beyond that?

I guess I'm just incredulous that any dictionary is good enough to get 2 out of 3, and any sufficiently wide mask/ruleset is equally sufficiently impossible to run... is that just my naivety?

(Ok, and also, a quick plug: you might be interested in checking out https://github.com/Phildo/expandpass - lets you really easily generate sensible combinations for password attempts)

(05-08-2018, 11:02 PM)mrfancypants Wrote: ...with NTLM, the time it takes to run the attack is largely independent of the number of hashes. I could do 700 thousand in the same amount of time it took to do 7 thousand. 

What am I misunderstanding here? How can it possibly take the same amount of time to run 700,000 vs 7,000?
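The two questions above (what a mask does, and why the run time of an unsalted NTLM attack barely depends on how many hashes are loaded), worked as an added example that is not part of this thread or of hashcat. It assumes SHA-256 over UTF-16LE as a stand-in for NTLM's MD4 (MD4 is often unavailable in current OpenSSL builds) and a constructed list of 7 or 700 accounts; it counts digest computations rather than measuring time.

```python
import hashlib
import itertools
# Stand-in for NTLM (MD4 over UTF-16LE): MD4 is often absent from modern OpenSSL
# builds, so SHA-256 over UTF-16LE is used. Only the lack of a salt matters here.
def unsalted_digest(password):
    return hashlib.sha256(password.encode("utf-16-le")).hexdigest()

def salted_digest(password, salt):
    return hashlib.sha256(salt + password.encode("utf-16-le")).hexdigest()

def expand_mask(mask):
    """Minimal hashcat-style mask: ?d is one digit, everything else is literal."""
    parts, i = [], 0
    while i < len(mask):
        if mask.startswith("?d", i):
            parts.append("0123456789"); i += 2
        else:
            parts.append(mask[i]); i += 1
    return ["".join(p) for p in itertools.product(*parts)]

def crack_unsalted(targets, candidates):
    """One digest per candidate plus an O(1) set lookup against every loaded
    hash: work == len(candidates), whether 7 thousand or 700 thousand targets."""
    found, work = {}, 0
    for cand in candidates:
        work += 1
        digest = unsalted_digest(cand)
        if digest in targets:
            found[digest] = cand
    return found, work

def crack_salted(targets, candidates):
    """A per-user salt forces a fresh digest per (candidate, target) pair, so the
    same wordlist costs up to len(candidates) * len(targets) digests."""
    found, work = {}, 0
    for digest, salt in targets.items():
        for cand in candidates:
            work += 1
            if salted_digest(cand, salt) == digest:
                found[digest] = cand
                break
    return found, work

def work_for(n_users):
    """Constructed demo: n_users accounts whose passwords all fit Summer20?d?d."""
    candidates = expand_mask("Summer20?d?d")            # 100 guesses
    passwords = [f"Summer20{n % 100:02d}" for n in range(n_users)]
    unsalted = {unsalted_digest(p) for p in passwords}  # same password, same hash
    salted = {salted_digest(p, n.to_bytes(4, "big")): n.to_bytes(4, "big")
              for n, p in enumerate(passwords)}
    return crack_unsalted(unsalted, candidates)[1], crack_salted(salted, candidates)[1]
```

`work_for(7)` and `work_for(700)` both report 100 digests for the unsalted case, while the salted count grows with the number of accounts; that absence of a salt, not hardware, is why NTLM lists of very different sizes take about the same time.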


RE: Minimum investment on a descent rig for 16+ character NTLM passwords - by phildo - 05-08-2018, 11:52 PM