How to become proficient at password cracking?
#1
Hi, I'm new to password cracking and I'd like to know how to become better in the field. Where should I start from? I already used hashcat to recover passwords, but those were very simple: I could do that with a dictionary attack and a very primitive mask attack where the mask was only 6-10 digits. The dictionaries were not made by me and are publicly available.
Reply
#2
Right now I'm trying to retrieve password patterns from a very large MD5 hash dump. Is it worth it?
Reply
#3
It all starts with knowing what kind of passes you attack: do they have some kind of password policy (minimum length etc.)? Where are the hashes from? What language was used? Most dictionaries target English passes; you will have some hits in other languages too, but you will never be as successful when targeting, for example, German passes.

Always look at already cracked passes from that source; this way you can sometimes see a pattern like mentioned above. I had a data breach where the passes were ALL of length 8. Yeah, nice to know.
Reply
#4
(01-18-2024, 12:35 PM)Snoopy Wrote: It all starts with knowing what kind of passes you attack: do they have some kind of password policy (minimum length etc.)? Where are the hashes from? What language was used? Most dictionaries target English passes; you will have some hits in other languages too, but you will never be as successful when targeting, for example, German passes.

Always look at already cracked passes from that source; this way you can sometimes see a pattern like mentioned above. I had a data breach where the passes were ALL of length 8. Yeah, nice to know.

Is there some theory that I have to know besides what you've said? My impression is that password cracking skill is 90% practice, cracking hashes yourself and making guesses about password structure, and 10% theory.
Reply
#5
You can't really "practice" cracking and get better; the theory is just guessing your next best step according to the info you have. But without anything known about the attacked passes, it just comes down to a huge, good wordlist (collected from known breaches) combined with some rules, and hoping that most people will use similar simple passwords like first/last name + year of birth.

When attacking purely random passes, like from a password generator, it's all about luck (for short ones) finding that pass, and when long enough passwords are used it's nearly impossible.
Reply
#6
For sure, a large part of it is practice and experience. For example, knowing a) which attack type to use in which situation and b) how to avoid checking unneeded options makes a tremendous difference and is more important than expensive hardware.
For example, will your hybrid attack contain ?d?d?d?d for a year, or will it be -1 12 -2 90 ?1?2?d?d? The latter option is 25x faster. An even better option would be to use a rule set for common dates, perhaps followed by a special character. Especially when a small mask is first and the word list is second in a hybrid attack, it becomes slow. Rule sets do not have this problem, whether it is append or prepend, hence they can be a better solution than hybrid attacks which rely on a mask.
Another booster is the ability to use left (-j) and right (-k) rules in hybrid attacks; they can make your life much easier and are often overlooked by beginning hashcat users.

With regards to theory, it is important to understand bottlenecks and how to supply more work as well as reading on the forum and wiki in general:
https://hashcat.net/faq/morework

Last tip: when I started understanding and building my own rule sets, I noticed a jump in my capacity to crack hashes. Using rules is the most powerful tool hashcat has to offer; they are very much worth learning.
Another thing to understand is that the skills you have to learn depend on whether you want to crack many hashes in a database/breach, or whether you want to help a specific client. The skills are different. In the first case you focus on general password patterns and systematic rules such as length, while in the latter you translate the client's mind and way of thinking into custom masks and rule sets.
Reply
#7
(01-20-2024, 01:52 PM)monyanus Wrote: For sure, a large part of it is practice and experience. For example, knowing a) which attack type to use in which situation and b) how to avoid checking unneeded options makes a tremendous difference and is more important than expensive hardware.
For example, will your hybrid attack contain ?d?d?d?d for a year, or will it be -1 12 -2 90 ?1?2?d?d? The latter option is 25x faster. An even better option would be to use a rule set for common dates, perhaps followed by a special character. Especially when a small mask is first and the word list is second in a hybrid attack, it becomes slow. Rule sets do not have this problem, whether it is append or prepend, hence they can be a better solution than hybrid attacks which rely on a mask.
Another booster is the ability to use left (-j) and right (-k) rules in hybrid attacks; they can make your life much easier and are often overlooked by beginning hashcat users.

With regards to theory, it is important to understand bottlenecks and how to supply more work as well as reading on the forum and wiki in general:
https://hashcat.net/faq/morework

Last tip: when I started understanding and building my own rule sets, I noticed a jump in my capacity to crack hashes. Using rules is the most powerful tool hashcat has to offer; they are very much worth learning.
Another thing to understand is that the skills you have to learn depend on whether you want to crack many hashes in a database/breach, or whether you want to help a specific client. The skills are different. In the first case you focus on general password patterns and systematic rules such as length, while in the latter you translate the client's mind and way of thinking into custom masks and rule sets.

Well, maybe we have a different view on that, but all of your examples, especially the one with dates, are in my view all about theory. Of course it is faster because of the reduced keyspace, but this has nothing to do with "practice".

When I want to add common dates with rules or masks, for sure I don't use ?d?d?d?d, but this thinking is done before, and not after I see: oh, hashcat is also testing 3000-9999, which isn't needed. So this is plain "theory".

Nevertheless, a good overview by monyanus.
Reply
#8
Thanks! You call it theory and indeed you are correct. However, in my experience you are often forced to learn the theory by necessity, and by experience in practice based on the kind of passwords you encounter. For me these two go hand in hand. Just like in normal software development, you need to encounter a problem first, and then dive into theory and examples by others to overcome the problem. Just learning theory in the beginning without applying it or needing it in practice does not work as well, both for programming and for hash cracking (at least it does not work for me).

Perhaps I can give two examples to illustrate how theory and practice go hand in hand for me.
I have my own rules for inserting typos, changes in case, as well as insertions, replacements, deletions etc. However, in practice I found that the passwords I encounter often have the "typos" or unique elements next to each other. This led me to make new rule sets where toggling cases is no longer any combination, but the targets are adjacent and often at the beginning or end of a (pass)word. After checking the wiki I found you can duplicate the first and last N characters. This was another frequently occurring case, e.g. Password had become PPPassword, or Pppasword.

|Name                  |Function |Description                  |Example Rule |Input Word |Output Word |Note |
|Duplicate block front |yN       |Duplicate first N characters |y2           |p@ssW0rd   |p@p@ssW0rd  |*    |
|Duplicate block back  |YN       |Duplicate last N characters  |Y2           |p@ssW0rd   |p@ssW0rdrd  |*    |

These very cool rules allowed me to check those kinds of purposeful typos more efficiently.
A more advanced problem I encountered was artificial words created by a client.
I solved this by implementing my own code to break all words of one language into syllables, counting their occurrences and making lists of them, e.g. lists of the 90% most occurring and 80% most occurring syllables. By applying statistics, the number of syllable combinations drops greatly while only slightly reducing the chance of finding a hit. Again, theory combined with pragmatic need based on what I encounter/observe in my cases. The most important thing here is not to get lazy and assume you know it all. In every case I learn new things about passwords, how humans think, and how awesome hashcat truly is. Hashcat has so many great features built on the experience of many great hash crackers, and the number of tricks you can combine is near infinite, especially when you also combine it with your own code and hashcat-utils.
Reply
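The yN / YN rows in the table above and the adjacent-toggle rule sets the post describes, as an added example that is neither the poster's code nor hashcat's: a small interpreter for a subset of hashcat rule functions, written so you can see exactly which candidate a rule produces before spending GPU time on it. It assumes rule functions are separated by spaces and uses hashcat's 0-9, A-Z convention for positions and counts.

```python
def _n(ch):
    """Decode a position/count character: '0'-'9' -> 0-9, 'A'-'Z' -> 10-35 (hashcat convention)."""
    return int(ch, 36)


def apply_rule(word, rule):
    """Apply one rule line (space-separated functions) to a single word."""
    w = word
    for fn in rule.split():
        op, arg = fn[0], fn[1:]
        if op == ":":                                       # ':' = pass word through unchanged
            continue
        if op == "l":   w = w.lower()
        elif op == "u": w = w.upper()
        elif op == "c": w = w[:1].upper() + w[1:].lower()   # capitalize first, lower the rest
        elif op == "t": w = w.swapcase()                    # toggle case of every character
        elif op == "r": w = w[::-1]                         # reverse
        elif op == "$": w = w + arg                         # append character
        elif op == "^": w = arg + w                         # prepend character
        elif op == "T":                                     # toggle case at position N
            n = _n(arg)
            if n < len(w):
                w = w[:n] + w[n].swapcase() + w[n + 1:]
        elif op == "y":                                     # duplicate first N characters
            n = _n(arg)
            if n <= len(w):
                w = w[:n] + w
        elif op == "Y":                                     # duplicate last N characters
            n = _n(arg)
            if 0 < n <= len(w):
                w = w + w[-n:]
        elif op == "z": w = w[:1] * _n(arg) + w             # duplicate first character N times
        elif op == "Z": w = w + w[-1:] * _n(arg)            # duplicate last character N times
        else:
            raise ValueError(f"unsupported rule function {fn!r}")
    return w


def generate(words, rules):
    """Distinct candidates produced by applying every rule to every word."""
    return {apply_rule(w, r) for w in words for r in rules}
```

Adjacent toggles such as "T0 T1" are just a list of T functions in one rule line, which is the compact way to express the post's "targets are adjacent" observation.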
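The syllable-frequency cutoff from the second half of the post, as an added example that is not the poster's code: count syllables across a word list, keep the most frequent ones that cover 90% (or 80%) of all occurrences, and compare how many N-syllable combinations remain. The syllabifier is a crude constructed heuristic (a vowel group with surrounding consonants), not a real linguistic one; the statistics part is what the post describes, and the word list is a constructed sample.

```python
import re
from collections import Counter

# Heuristic syllable: optional leading consonants, a vowel group, then trailing
# consonants only if no vowel follows them. An assumption, good enough for a demo.
SYLLABLE = re.compile(r"[^aeiouy]*[aeiouy]+(?:[^aeiouy]+(?![aeiouy]))?")


def syllables(word):
    """Split a word into rough syllables; vowel-less words are kept whole."""
    parts = SYLLABLE.findall(word.lower())
    return parts if parts else [word.lower()]


def syllable_counts(words):
    """How often each syllable occurs across the whole word list."""
    return Counter(s for w in words for s in syllables(w))


def top_coverage(counts, fraction):
    """Most frequent syllables whose occurrences together cover `fraction` of all occurrences."""
    total = sum(counts.values())
    kept, seen = [], 0
    for syl, n in counts.most_common():
        kept.append(syl)
        seen += n
        if seen >= fraction * total:
            break
    return kept


def combinations(n_syllables, length):
    """Number of candidates made of `length` syllables drawn from n_syllables syllables."""
    return n_syllables ** length


# Constructed sample word list; a real run would use a full language word list.
WORDS = ["password", "hashcat", "banana", "summer", "winter", "master",
         "dragon", "monkey", "letmein", "football", "shadow", "sunshine",
         "princess", "welcome", "basket", "market", "hammer", "winner"]
```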
#9
You could try the new PassGAN that lets you train a model. It will find "hidden" patterns that you cannot cover with rule sets or masks.
Reply