Posts: 16
Threads: 5
Joined: Jun 2016
07-18-2016, 02:47 PM
(This post was last modified: 07-18-2016, 03:01 PM by takitano.)
Hi guys,
who can help me? I have an understanding problem. I know that a user creates his passwords by following schemes:
1-4 numbers (but not always)
1-12 letters (from time to time is the first letter a uppercase).
1-4 numbers (but not always)
1-2 special character (but not always)
There is a muster:
68alex!
5alehandro!!
37Aleks!!!
Alekss75!
alehhandro68!
1968aleksander1975
aleksander75.
Aleksandr1975
Aleksander1975!
alex1968.
Which mask can I create, to cover all there possible combinations of such passwords?
Code:
--increment-min=1 --increment-max=22 -1 ?d?u?l?d?s ?d?d?d?d?u?l?l?l?l?l?l?l?l?l?l?l?l?l?d?d?d?d?s?s
???
Although I have read the help, but my English is very bad.
Thanks.
Takeshi
Posts: 262
Threads: 14
Joined: Jun 2016
ur -1 is ?a.. and contain 2 ?d
u should make a mask file which contain all kind of possibility,
for example the mask file should contain
?d?d?l?l?l?l
?d?l?l?l?l?d
?u?d?d?l?l?s
and so on.
u should use
https://thesprawl.org/projects/pack/ (PolicyGen)
from what u wrote the majority of the password contain the name alex
u could do
-1 alexkdros -2 19687 -3 A -4 !@#$%^&*()_+=-
and do such thing for 12 chars
?3?1?1?1?1?1?1?1?1?2?2?2?2
or
?1?1?1?1?1?1?1?2?2?2?2?4
Posts: 16
Threads: 5
Joined: Jun 2016
07-18-2016, 03:30 PM
(This post was last modified: 07-18-2016, 03:31 PM by takitano.)
(07-18-2016, 03:20 PM)kiara Wrote: ur -1 is ?a.. and contain 2 ?d
u should make a mask file which contain all kind of possibility,
for example the mask file should contain
?d?d?l?l?l?l
?d?l?l?l?l?d
?u?d?d?l?l?s
and so on.
u should use https://thesprawl.org/projects/pack/ (PolicyGen)
from what u wrote the majority of the password contain the name alex
u could do
-1 alexkdros -2 19687 -3 A -4 !@#$%^&*()_+=-
and do such thing for 12 chars
?3?1?1?1?1?1?1?1?1?2?2?2?2
or
?1?1?1?1?1?1?1?2?2?2?2?4
Thank you for speed-answer, kiara! The boy use not only Ale...xxx -word, but various words - from Alex to ZzzzZZZzzzZ. My sample was slightly misleading. :-(
But the idea is very helpful for me. I will try on. I will "PACK" try too. Thank you.
Posts: 5,232
Threads: 233
Joined: Apr 2010
PACK is the way to go if you want to BF a keyspace that has a known password policy.
However it's a bad practice because in your case the keyspace is too large and you will propably end up with no results.
You may want to use rule based attacks
Posts: 16
Threads: 5
Joined: Jun 2016
(07-19-2016, 08:51 AM)atom Wrote: PACK is the way to go if you want to BF a keyspace that has a known password policy.
However it's a bad practice because in your case the keyspace is too large and you will propably end up with no results.
You may want to use rule based attacks
Yes, I know it. But the rules based attack was not successful. I I tried "best64"- und "top5000"- and "Toxic"-rules with custom dictionary, my own dictionaries (first names and brithdays/days/years) and with two well known today 11 and 35 GB dictionaries. No success. A combination dictionary attack was not success too. Masks is my last chance. Maybe I'll get lucky.
