02-03-2019, 09:28 PM
I have a situation where I know that user stored passwords are at least 15 characters long. However, it's possible that a non-standard user (admin, etc.) or an extremely legacy account (before min limits were put in place) could have created a "user" account with a password less than 15 characters. For political/organizational/layer 8 reasons, I want to make sure I only audit the system for these passwords (that is to say, those of length 1 to 14). This is a fast hash (call it MD4 ) .
Up to 8 characters is easy, I can mask attack with "-i ?a?a?a?a?a?a?a?a" and get everything. Past that and I run into the obvious issue of how long the attack will take.
Option #1 is to get intelligent about my mask attack, ?u?l?l?l?l?l?l?l?d for example. I might miss some things, but it's better than nothing.
Option #2 is to generate a dictionary and cut out everything that is less than 8 characters (I've already found those) or greater than 14 characters (I don't want to crack these!). Works fine with reasonably sized word lists, and combined with the above should find most things.
Option #3 is what I would like to do, use a dictionary and rules list, but reject every candidate in the results that is greater than 14 characters. Basically, what this person is asking for. I completely understand the answer given by Royce, it's not worth the trouble from a time perspective to reject these. However, in my case it's desired for other reasons.
I can pipe candidates through len, as was suggested by Royce, but I'm obviously losing a lot of speed with fast hashes. Reject rules only work on the wordlist itself or with hashcat-legacy.
Are there any other options for me? I understand what I want to do is atypical and I probably won't find anything that will operate at full speed, I'm fine with that. Basically, I just asking what my best option is at this point, or if there's something else I haven't thought of.
Up to 8 characters is easy, I can mask attack with "-i ?a?a?a?a?a?a?a?a" and get everything. Past that and I run into the obvious issue of how long the attack will take.
Option #1 is to get intelligent about my mask attack, ?u?l?l?l?l?l?l?l?d for example. I might miss some things, but it's better than nothing.
Option #2 is to generate a dictionary and cut out everything that is less than 8 characters (I've already found those) or greater than 14 characters (I don't want to crack these!). Works fine with reasonably sized word lists, and combined with the above should find most things.
Option #3 is what I would like to do, use a dictionary and rules list, but reject every candidate in the results that is greater than 14 characters. Basically, what this person is asking for. I completely understand the answer given by Royce, it's not worth the trouble from a time perspective to reject these. However, in my case it's desired for other reasons.
I can pipe candidates through len, as was suggested by Royce, but I'm obviously losing a lot of speed with fast hashes. Reject rules only work on the wordlist itself or with hashcat-legacy.
Are there any other options for me? I understand what I want to do is atypical and I probably won't find anything that will operate at full speed, I'm fine with that. Basically, I just asking what my best option is at this point, or if there's something else I haven't thought of.