Experiences Using Prince Mode
#1
Hi All,
I don't know if I'll ever get around to finishing it but I'm thinking of writing a guide to using Prince to generate password guesses. For those not familiar with Prince the base code is available at https://github.com/hashcat/princeprocessor, and is included by default in JtR bleeding-jumbo release. In a nutshell Prince takes all the words in an input dictionary and combines them multiple times. It's actually much more sophisticated than that description makes it sound like and if you are curious about more of the details I have a very outdated blog post on it at http://reusablesec.blogspot.com/2014/12/...rince.html. This forum post is an attempt to get more information to update it. What I'd like to know is other people's experiences using Prince. If you've used it and are willing to share I'd appreciate it if you could respond to this thread. I'm sure other people would be interested to hear what you have to say as well!

To kick things off I've found it's extremely helpful when using Prince to include a short bruteforce in my wordlist. For example, all values 1 to 3 letters/digits/special characters long. Now, you certainly could limit that to only likely characters, but I usually find myself using Prince on fast hashes so I'm not too focused on optimizing it. The impact of doing that seems to be dramatic vs only using an input dictionary containing cracked passwords. For example, '1' might not be a valid password, but if '1cow1pig' is the password you are trying to crack then without that '1' you likely won't create that combo. Also, I tend to use Prince as a bridge before I do incremental/mask attacks. Aka it's usually not the first attack I run, but I've had good success just letting it go if I don't want to put too much thought into a cracking session and PCFG/dictionary attacks are slowing down. Side note, I've heard many people mention the "prinception" attack where you create an input dictionary using prince then feed that into another instance of prince. I have to admit this puzzles me a bit as it seems like you could get the same results by increasing the number of combos. I'm probably missing something, (I could see the order it makes the guesses being very different due to how PRINCE ranks the chains) so feel free to comment on that.

Thanks! Also I apologize for the double posting here and to the john-users mailing list (archive here: http://www.openwall.com/lists/john-users/2017/09/25/1) but I'd like to get feedback from both cracking communities.

Matt / Lakiw
#2
It's very strong on passphrases (see latest CMIYC challenge 11)
It's strong if you just want to push in some target specific wordlist and then let princeprocessor do all the combinations of it.
But it's not perfect. If there's a way to add in some prioritization (princeprocessor 2) that would make it perfect. That is that some words are kind of more likely than others. Maybe with ordering of the wordlist? I don't know. Haven't thought too much on it.
#3
Thanks atom for the reply!

I agree that prince is strong! I'm curious if you have advice for users of it? Aka if you are a new user, grab wordlist A, add B to it, and then run prince with the following command.

Also what advice would you give for more advanced users? Aka "use a previous list of cracked passwords, but then do C"

As I mentioned, my end goal is to write a guide on Prince so specific examples or tips are really appreciated!

(10-01-2017, 11:36 AM)atom Wrote: But it's not perfect. If there's a way to add in some prioritization (princeprocessor 2) that would make it perfect. That is that some words are kind of more likely than others.

So my initial reaction to that was, "Hey that sounds like a PCFG!" ;p All kidding aside, it really could be done with a PCFG. The grammar itself would be pretty simple, just 1 letter, 2 letter, 3 letter, ... N letter words as the variables, and having the initial base grammar be combining them. That way you could assign probabilities to individual words as well as password guess length. The hardest part would be figuring out how to do the training, (aka how to assign probabilities to words).

Of course, my current PCFG implementation is slow so I don't think I'd actually recommend that.

My gut says a better option would be to modify the princeprocessor (PP) to have multiple elements for the same word length. Aka there could be one element grouping of high probability guesses ['com', 'edu', 'idk', 'cat'], and another lower probability ['mat', 'zeb', 'rat', ...]. Right now my understanding is that PP orders its guesses by keyspace. We might be able to get away without having to modify the keyspace by some weight to reflect the higher probability of words simply because the "high probability" element grouping might naturally be smaller than the "low probability" element grouping. If that's a concern though a weight could be applied.

A harder question would be training. Aka how do we figure out what's a high probability word vs a low probability one? My first guess is to have a dedicated training phase, (so people don't have to train again every time they run PP2). What the training phase looks like would depend on if you wanted to only use a list of previously cracked passwords and create your PP2 input dictionaries from it directly or if you want to evaluate an existing input dictionary against a set of cracked passwords. The output would be a set of sub dictionaries to use in PP2. That way if you wanted to, you could feed PP2 different dictionaries by hand if you don't want to use the training program. That's an important feature since I'm always finding myself wanting to use a target specific wordlist, (aka make 'KoreLogic', and rockstar names be high probability for the next CMIYC ;p)

I don't know if any of the above made any sense or if you are interested. If you want we could move prince processor 2 discussions to a different thread or I could hop on IRC sometime.

Thanks again!
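The following is an added toy model of the two ideas discussed in this thread, written for this page and not taken from princeprocessor or from either poster: post #1's trick of adding a short bruteforce list so that a chain like '1' + 'cow' + '1' + 'pig' can be built, and post #3's sketch of several element groupings for the same word length with a weight applied to the chain keyspace. Like PP, it groups words by length into elements, enumerates chains (ordered sequences of element lengths summing to the target length) and emits the smallest-keyspace chains first. The tier weights, the `weight`-division rule, the word lists and the deduplication set are all constructed assumptions for illustration; real PP ranks chains only by keyspace and has no tiers.

```python
from itertools import product
from string import digits

# Constructed sample dictionaries (not real cracked-password data).
HIGH_PROB = ["com", "edu", "cat", "cow", "pig", "love"]
LOW_PROB = ["mat", "zeb", "rat", "idk", "qwop"]


def short_bruteforce(max_len, alphabet=digits):
    """Every string of length 1..max_len over alphabet: the 'short bruteforce'
    from post #1 that supplies the '1' in '1cow1pig'."""
    return ["".join(p) for n in range(1, max_len + 1)
            for p in product(alphabet, repeat=n)]


def build_elements(tiers):
    """tiers: {tier_name: (weight, words)} -> {(word_length, tier): [words]}.
    One tier models plain PRINCE; several tiers model the PP2 idea from post #3."""
    elements = {}
    for tier, (_weight, words) in tiers.items():
        for w in dict.fromkeys(words):           # keep order, drop duplicates
            elements.setdefault((len(w), tier), []).append(w)
    return elements


def enumerate_chains(elements, target_len, max_elems):
    """All ordered sequences of element keys whose lengths sum to target_len,
    using at most max_elems elements (PP's --elem-cnt-max analogue)."""
    keys = sorted(elements)
    chains = []

    def rec(prefix, remaining):
        if remaining == 0:
            chains.append(tuple(prefix))
            return
        if len(prefix) == max_elems:
            return
        for k in keys:
            if k[0] <= remaining:
                rec(prefix + [k], remaining - k[0])

    rec([], target_len)
    return chains


def chain_keyspace(chain, elements, weights):
    """Candidates a chain yields (product of element sizes), divided by each
    element's tier weight so high-probability tiers sort earlier. The division
    is an assumed weighting rule, not PP's actual ranking."""
    ks = 1.0
    for k in chain:
        ks *= len(elements[k]) / weights[k[1]]
    return ks


def generate(tiers, target_len, max_elems=4):
    """Yield unique candidates of exactly target_len, smallest-keyspace chain first."""
    elements = build_elements(tiers)
    weights = {tier: w for tier, (w, _) in tiers.items()}
    chains = enumerate_chains(elements, target_len, max_elems)
    chains.sort(key=lambda c: (chain_keyspace(c, elements, weights), c))
    seen = set()
    for chain in chains:
        for parts in product(*(elements[k] for k in chain)):
            cand = "".join(parts)
            if cand not in seen:
                seen.add(cand)
                yield cand


if __name__ == "__main__":
    # Plain PRINCE: one tier, cracked words plus a 1-character digit bruteforce.
    plain = {"words": (1, HIGH_PROB + short_bruteforce(1))}
    print("1cow1pig" in set(generate(plain, 8)))   # True only with the bruteforce list
    # PP2-style: the high tier is weighted 2x, so all-high chains come out first.
    tiered = {"high": (2, HIGH_PROB), "low": (1, LOW_PROB)}
    print(list(generate(tiered, 6))[:5])
```

Running the module shows the effect post #1 describes: with only the cracked words, no chain of length-3 and length-4 elements can spell '1cow1pig', and adding the digit bruteforce makes the chain 1+3+1+3 available. Swapping the tier weights reorders which chains are tried first without changing the set of candidates, which is the behaviour post #3 is after.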