hashcat utils, and the "Expander"

[me.scotty]

Posted links no longer work.
Apparently, there was a forum overhaul in the recent past...

Anyways, what I'm most interested in is the "Expander".
I was able to locate alternative download sites using google, but I see that it's debian binary. Not real useful for us Windows folks.

Would someone (atom?) would mind posting the source?
If not, how about a URL to the algorithm?
I will volunteer to create a Java version that can be run anywhere.

[atom]

http://hashcat.net/files/hashcat-utils-0.5.7z it should contain both, linux and windows binaries...

[me.scotty]

Perfect! Just what I was looking for.
Thanks.

[me.scotty]

I wanted the "expander" in order to try out the procedure shown on http://www.question-defense.com/2010/08/...int-attack

The author states this is an effective method, but it seems weak.
Whereas oclHashcat has the notion of left and right sides, essentially signifying "prefix" and "suffix" halves of a potential password, the expander simply outputs every permutation of every dictionary word.

To me a much better technique would be to process every dictionary word looking for potential prefixes and suffixes, rank them, then output the "best" n candidates for input into oclHashcat.

I went ahead and did this in Java (only took a couple of hours), and the results look very promising.
Unfortunately I'm unable to properly benchmark this because my test hash type is descrypt, and descrypt is not supported in oclHashcat (it is supported in the other two flavors...). So it will have to just look promising for the time being.

I'll make you a trade - If you add support for descrypt into oclHashcat, I'll post the source code!

[atom]

oclHashcat-plus has stdin support. should work for you.

[mastercracker]

And in case you ask for it later, OclHashcat-plus don't have a left and right but you can always make a second wordlist modified by inserting $ in front of every letter of every word and use it as a rule (right equivalent) file. For example a wordlist with Insert and Password, you would modify it to:

$I$n$s$e$r$t
$P$a$s$s$w$o$r$d

[jackdorsey]

I wanted the "expander" in order to try out the procedure shown on http://www.question-defense.com/2010/08/...int-attack

The author states this is an effective method, but it seems weak.
Whereas oclHashcat duplicate finder has the notion of left and right sides, essentially signifying "prefix" and "suffix" halves of a potential password, the expander simply outputs every permutation of every dictionary word.

To me a much better technique would be to process every dictionary word looking for potential prefixes and suffixes, rank them, then output the "best" n candidates for input into oclHashcat.

I went ahead and did this in Java (only took a couple of hours), and the results look very promising.
Unfortunately I'm unable to properly benchmark this because my test hash type is descrypt, and descrypt is not supported in oclHashcat (it is supported in the other two flavors...). So it will have to just look promising for the time being.

I'll make you a trade - If you add support for descrypt into oclHashcat, I'll post the source code!

Thank you I love the hashcta utils!