What are your strategies for cracking longer passwords?
#1
15+ character passwords.  Dictionaries and rule mangling have worked better than I expected, specifically the human0id lists.  Sports teams and book titles were the low hanging fruit.  Combining firstname/firstname and firstname/lastname dictionaries also provided a number of hits.  Combining generic dictionaries wasn’t too successful by itself, but using morph to create insert rules against the combined lists was productive.  I had some success with phrases but for some reason they all used l33t speak.  I’m assuming user training used something similar as an example.  

I used cewl to create some lists and mangle them.  This found a few.  Keyboard combinations were a bust.  I was sure I would hit on one or two.

Brute-force and mask are not really an option at this length.  Hybrid won’t work because of how the passwords are allowed to be crafted.  I haven’t tried permutation yet and I don’t think I have cracked enough to use fingerprint attack.  

I used prince to feed a rule based attack but didn’t get any hits.  This surprised me a little.  It could be I need a better prince dictionary strategy for long passwords.  I personally think finding a way to craft phrases and sentences quickly will be the death knell to passwords.  I might try aprizm's idea and combinator (noun, verb, adjective, noun) for giggles.  

So far I’ve cracked about 15% of the total.  My gut tells me dictionary attacks with rules are the way to go but mostly I’m fishing for ideas.  I haven't found a lot of discussions in open forums on the specifics of 15+ cracking.

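The defender's mirror of the strategy in post #1 (combining name, team and title lists, undoing l33t substitutions, ignoring appended years and punctuation) is a set-time policy check that rejects exactly the long passwords a combinator or rule-mangling run would reach first. The following is an added example, not code from the thread or from any of the tools it mentions; the wordlists are tiny constructed stand-ins for the kinds of lists the poster describes, and the `LEET` map, `max_tokens` knob and function names are this example's own assumptions.

```python
import re
from typing import List, Optional

# Constructed sample lexicon standing in for the lists the poster describes
# (first/last names, sports teams, book titles, generic words). A real
# deployment would load the same wordlists the cracking run would use.
FIRST_NAMES = {"michael", "jennifer", "david", "sarah"}
LAST_NAMES = {"smith", "johnson", "williams", "brown"}
SPORTS_TEAMS = {"redsox", "patriots", "celtics", "bruins"}
BOOK_TITLES = {"mobydick", "dune", "thehobbit"}
GENERIC = {"welcome", "summer", "password", "sunshine", "the", "love"}

LEXICON = FIRST_NAMES | LAST_NAMES | SPORTS_TEAMS | BOOK_TITLES | GENERIC
MAX_WORD = max(len(w) for w in LEXICON)

# Assumed reverse l33t map: undo the substitutions a rule file would apply.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "l", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})


def candidates(password: str) -> List[str]:
    """Two normalised views of the password: the whole string, and the 'core'
    with leading/trailing non-letter runs (years, '!!' appendages) removed.
    Both are l33t-decoded, lower-cased and reduced to a-z."""
    core = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", password)
    seen: List[str] = []
    for text in (password, core):
        norm = re.sub(r"[^a-z]", "", text.translate(LEET).lower())
        if norm and norm not in seen:
            seen.append(norm)
    return seen


def segment(text: str, lexicon: set, max_tokens: int) -> Optional[List[str]]:
    """Split text entirely into lexicon words using the fewest tokens possible
    (dynamic programming over string positions). Returns the token list, or
    None if no full split exists or it needs more than max_tokens words."""
    n = len(text)
    best: List[Optional[List[str]]] = [None] * (n + 1)
    best[0] = []
    for i in range(1, n + 1):
        for j in range(max(0, i - MAX_WORD), i):
            if best[j] is not None and text[j:i] in lexicon:
                cand = best[j] + [text[j:i]]
                if best[i] is None or len(cand) < len(best[i]):
                    best[i] = cand
    result = best[n]
    if result is None or len(result) > max_tokens:
        return None
    return result


def assess(password: str, max_tokens: int = 3) -> dict:
    """Policy decision for a candidate password. max_tokens models the
    combinator depth being defended against (two or three lists joined)."""
    if len(password) < 15:
        return {"accept": False, "reason": "shorter than 15 characters"}
    for variant in candidates(password):
        words = segment(variant, LEXICON, max_tokens)
        if words:
            return {"accept": False,
                    "reason": "concatenation of dictionary words",
                    "words": words}
    return {"accept": True, "reason": "not segmentable into known words"}


if __name__ == "__main__":
    for pw in ("MichaelSmith2024!!", "R3dS0x_Patri0ts!",
               "WelcomeSummerSunshine", "VelvetOtterNebulaChalk42"):
        print(pw, "->", assess(pw))
```

The check deliberately strips boundary digits and symbols before decoding l33t, because a year or `!!` on the end is an appendage rule, whereas a `0` in the middle of a team name is a substitution rule; a password that needs more list entries than `max_tokens` to explain is outside the modelled attack and passes, so raise that knob if the cracking runs you are defending against chain more than three lists.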
#2
Wordhound and Prince

https://bitbucket.org/mattinfosec/wordhound
https://github.com/jsteube/princeprocessor
#3
Cool answer...interesting video.  It sounds like dictionaries with titles like “BanksWithOver500BillionInAssets.lst” and “CloudBasedSaaS.lst” are a possibility.  Taking this a step further, you could also build lists based on the interests of the regional area where the company is located like “SportsTeamsGreaterBoston”, or local population demographics “DirtySouthHipHop.lst”, or (a stretch) employee age “PopularTVShows18-34.lst”.  Footprinting for passwords.  Thanks.