Posts: 2
Threads: 1
Joined: Sep 2022
I have been of provided a large group of AD hashes, for testing by request. The password complexity requirements are set to a minimum of fifteen characters.
Any suggestions for the best plan of attack? Hybrid with some large dictionaries?
Thank you
Posts: 385
Threads: 1
Joined: Aug 2020
Posts: 2
Threads: 1
Joined: Sep 2022
(09-02-2022, 03:06 PM)marc1n Wrote: https://hashcat.net/wiki/
Yeah, I've read it, thanks... Very helpful of you.
Maybe someone could provide some real-world experience thoughts?
Posts: 870
Threads: 15
Joined: Sep 2017
(09-02-2022, 05:41 PM)cathash Wrote: (09-02-2022, 03:06 PM)marc1n Wrote: https://hashcat.net/wiki/
Yeah, I've read it, thanks... Very helpful of you.
Maybe someone could provide some real-world experience thoughts?
well you could use reject rule (but this way you will loose the possibility to use other rules)
you can use
https://hashcat.net/wiki/doku.php?id=hashcat_utils#len to prepare any given wordlist and only use passwords from length lets say min 12 or 14 (depending on the ruleset, there are rules for appending or deleting)
the same can be achieved with princeprocessor
https://github.com/hashcat/princeprocessor https://hashcat.net/wiki/doku.php?id=princeprocessor see option --pw-min