DES random generated bforcing
#1
Hello

I'd like to ask for best way to crack 6 signs random generated DES hashes (lower/upper alpha) examples below:
Code:
8r7CzL
AXMKD5
AgCdzb
BFQh5A
DHKrTq
EfTq49
Jjpqws
KVyq6Z
LrU4QE
NUZzAt
TEDn5S
VSuZR7

i know that i could use simple mask attack with ?1?1?1?1?1?1 and ?l?d?u settings, also hybrid attack (ex 3 signs dict + 3 signs mask) but this methods aren't to efficient because of checking a lot of unnecessary candidates like aaaaaa aaaaab.... and so on.
Maybe some of You knows better methods to handle with those type of passwords?
Thanks in advance for any information
#2
BruteForcing ?l?u?d=6 won't take so long. (maybe not if salted).

However, for your request, you can use this way:
Random, unique, pure words

: D
#3
there is no guarantee for a "total random word" not to equal "aaaaaa"
#4
Thats what i was thinking, just because 'aaaaaa' looks unrandom it is just as possible as 'ZgHtRe'

aaaaaa - ZZZZZZ

26*26*10 per character position
* length of 6

not that many possiblities
#5
(05-07-2012, 10:08 AM)phillips321 Wrote: 26*26*10 per character position
* length of 6

check your math: (26+26+10)^6
#6
i would like to know the best approach too..
i would say in that case, evaluating from the sample, to find patterns...
like...first char uppercase maximum digit chars 2 and play with it
good luck
#7
what exactly is it you don't understand about "random"? There is no pattern. A random password can also be "aaaaaaa" or "hello1". It is just exactly the same probability.
#8
Thanks for all answersSmile
As for definition of "random" in this case we won't have any passwords which:
1) have only lower alpha, upper alpha or digits - all passwords contains at least two types of signs (in most of cases - all 3 of them),
2) no "human readable" words like hello1,
3) signs won't repeat next to each other - no passwords like 3xxWt7.
4) Using use rules like ?l?u?d?l?u?d is also quite useless - we would have to try all possible combination for them - it won't save our precious timeWink

I think that good solution might be creating 3 digits wordlist but without useless candidates like aaa,aab and so on (don't have idea how to create it) and then use it with Hybrid attack with ?l?u?d
#9
Quote:what exactly is it you don't understand about "random"? There is no pattern. A random password can also be "aaaaaaa" or "hello1". It is just exactly the same probability.
dont need a draw mate, thanks anyway...
aint an excuse though but maybe i called it random by mistake(english aint my native language), perhaps patterned gens fits better somehow.
the thing is i've several samples of like 10000 decrypted hashes(indeed are small samples) and i can find patterns there, apparently it was used the same gen script, as for example in a 8 charset,
i cant see more than 3 digits neither 2 same lowercases next to each other and other ones i cant recall right now.
so about randomness i agree with you, the odds are the very same for every char but maybe, generically speaking, the automated process avoid some strings in some way.
@pierzi
indeed all my samples handshake those conditions you posted.

in the end we're just willing to do some progress with these kind of hashes that's all.

cheers!