Cracking password with qwerty order charset
#1
So I was wondering how this can be done, either with rules or a specific mask or dictionary I can generate. For example, the password can be: passwordzxcvbasdfg. Note that password will always be the first word. The whole password is lowercase, and zxcvb and asdfg are in order of the standard qwerty keyboard layout, also called a keyboard walk, I believe. I was wondering, since I know it will always be random strings of that layout and not random letters and numbers, how can I make my cracking more efficient by using this? Also, the letter count is unknown, so no set character count.
#2
What you're looking for is known as a keyboard walk. There's, for example, jtr's external mode that can do this, and you can use this with jtr's --stdout mode and pipe it to oclHashcat, but actually there's a limited number of used keyboard walks in the wild. I guess by collecting them and then running them in combinator mode you would achieve even better results.
#3
I just stumbled onto this https://github.com/Rich5/Keyboard-Walk-Generators, which might help you here.
#4
(07-10-2015, 11:01 AM)NullMode Wrote: I just stumbled onto this https://github.com/Rich5/Keyboard-Walk-Generators, which might help you here.

Thanks, that's exactly what I was looking for. It works great, although I'm wondering what all the -x exclude arguments mean. I only want left to right of the keyboard, so what does shift_right mean compared to just right? And I don't see how in the script I can exclude caps and symbols and numbers, but I can just use the utils to delete 'em from the file anyway.
#5
I realize that this is a little late, but since I'm the author of the tool mentioned I thought I'd comment. The -x option is for pruning the qwerty graph structure. Method 1 walks a graph using a modified depth-limited search. Depending on the depth specified the script may never complete fully. The "shift_right" represents a directed link in the graph, and generally how you would construct walks manually. In other words, literally holding down shift and then pressing the key to the "right" of the current key. For example, if you were on the "k" key then shift_right would be "L". If you want to avoid caps and symbols you could exclude all the "shift" links in the graph (I think. I haven't tested this). Honestly, Method 2 is the more practical of the two methods of generating walks. Hope that helps a little.
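For password-policy screening, the same directed "right" link described in post #5 can be used to recognise the pattern from post #1 (a word followed by left-to-right QWERTY row runs). This is an added example, not code from the thread or from the Keyboard-Walk-Generators project; the function names, the three-letter-row table and the `min_run` threshold are assumptions made here, and only lowercase letters are modelled (no shift links).

```python
# Added example: flag passwords whose tail is built from QWERTY row runs.
# Only the three lowercase letter rows are modelled (assumption).
ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")

# Directed "right" link: key -> the key immediately to its right on the same row.
RIGHT = {a: b for row in ROWS for a, b in zip(row, row[1:])}


def split_runs(s):
    """Split s into maximal runs in which each character is the
    right-hand neighbour of the one before it."""
    runs, start = [], 0
    for i in range(1, len(s) + 1):
        # Close the current run at end of string or when the link breaks.
        if i == len(s) or RIGHT.get(s[i - 1]) != s[i]:
            runs.append(s[start:i])
            start = i
    return runs


def walk_suffix(password, min_run=3):
    """Return (prefix, walks): walks is the longest trailing sequence of
    row runs that are each at least min_run keys long."""
    runs = split_runs(password.lower())
    walks = []
    while runs and len(runs[-1]) >= min_run:
        walks.insert(0, runs.pop())
    return "".join(runs), walks


def has_walk_tail(password, min_run=3):
    """True if the password ends in at least one keyboard-walk run,
    which a password filter can treat as predictable padding."""
    return bool(walk_suffix(password, min_run)[1])


if __name__ == "__main__":
    # Constructed sample inputs; the first is the example from post #1.
    for pw in ("passwordzxcvbasdfg", "correcthorse", "qwerty", "passwordas"):
        prefix, walks = walk_suffix(pw)
        print(f"{pw!r}: prefix={prefix!r} walks={walks} flagged={bool(walks)}")
```

A filter built on this should score only the prefix when estimating strength, since the walk tail adds length but very little guessing resistance.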