Posts: 50
Threads: 28
Joined: Apr 2019
The Enigma was cracked largely due to the human factor and human errors.
So I thought: how about making a mask that will run a brute-force attack that covers most of the human laziness?
My first thoughts:
1. Password length set to 8-10 chars.
2. First letter may be uppercase or lowercase.
3. Last 1-3 chars are probably lowercase or numbers.
What are your thoughts about this approach, and what should be included, without making a mask that takes "forever" to run?

Posts: 929
Threads: 4
Joined: Jan 2015
09-21-2019, 06:42 PM (This post was last modified: 09-21-2019, 06:43 PM by royce.)
That's exactly what hashcat does when using attack mode 3 (brute force, -a 3) and no mask is specified.
It defaults to this mask:
-1 ?l?d?u -2 ?l?d -3 ?l?d*!$@_ ?1?2?2?2?2?2?2?3?3?3?3?d?d?d?d

Posts: 50
Threads: 28
Joined: Apr 2019
09-21-2019, 06:44 PM (This post was last modified: 09-21-2019, 06:51 PM by Pilsener.)
Can this mask be set to increment the length of 8-10 chars?

Posts: 929
Threads: 4
Joined: Jan 2015
Yes, by default, if you specify no parameters other than -a 3, it will automatically increment until exhaustion. If you want it to terminate earlier, you'd have to specify an --increment-max.

Posts: 50
Threads: 28
Joined: Apr 2019
09-21-2019, 06:52 PM (This post was last modified: 09-21-2019, 07:05 PM by Pilsener.)
What util should I use to make a mask according to my specs listed above? (My head is not fully operational after being at work today.)

Posts: 929
Threads: 4
Joined: Jan 2015
09-21-2019, 07:15 PM (This post was last modified: 09-21-2019, 07:15 PM by royce.)
No utility necessary - honest. Study the default, understand how it works, and then adapt it to your needs.

Posts: 50
Threads: 28
Joined: Apr 2019
I think I need to make a masks file to cover it exactly as I want, but maskprocessor does not have the options I need.

Posts: 2,266
Threads: 16
Joined: Feb 2013
09-21-2019, 07:50 PM (This post was last modified: 09-21-2019, 07:53 PM by philsmd.)
Just create the hashcat mask file (a.hcmask) manually:
Code:
?l?u,?l?d,?1?a?a?a?a?2?2?2
?l?u,?l?d,?1?a?a?a?a?a?2?2?2
?l?u,?l?d,?1?a?a?a?a?a?a?2?2?2
Code:
hashcat -m 2500 -a 3 -w 3 hash a.hcmask
Note: of course you can modify this in any shape or form you like, e.g. using ?l (lowercase letters) instead of ?a (which is much larger, i.e. ?l?u?d?s).

Posts: 50
Threads: 28
Joined: Apr 2019
09-21-2019, 08:02 PM (This post was last modified: 09-21-2019, 08:13 PM by Pilsener.)
I made an .hcmask file looking like this:
?l?l?l?l?l?l?l?l
?l?l?l?l?l?l?l?l?l
?l?l?l?l?l?l?l?l?l?l
?u?l?l?l?l?l?l?l
?u?l?l?l?l?l?l?l?l
?u?l?l?l?l?l?l?l?l?l
?l?l?l?l?l?l?l?d
?l?l?l?l?l?l?d?d
?l?l?l?l?l?d?d?d
?l?l?l?l?l?l?l?l?d
?l?l?l?l?l?l?l?d?d
?l?l?l?l?l?l?d?d?d
?l?l?l?l?l?l?l?l?l?d
?l?l?l?l?l?l?l?l?d?d
?l?l?l?l?l?l?l?d?d?d
?u?l?l?l?l?l?l?d
?u?l?l?l?l?l?d?d
?u?l?l?l?l?d?d?d
?u?l?l?l?l?l?l?l?d
?u?l?l?l?l?l?l?d?d
?u?l?l?l?l?l?d?d?d
?u?l?l?l?l?l?l?l?l?d
?u?l?l?l?l?l?l?l?d?d
?u?l?l?l?l?l?l?d?d?d
I think it covers all the combinations I wanted.
Worth a try. It says it will take 11 days to complete, which is acceptable.
But I'm still interested in suggestions for modifications.

Posts: 2,266
Threads: 16
Joined: Feb 2013
09-21-2019, 09:04 PM (This post was last modified: 09-21-2019, 09:06 PM by philsmd.)
lol, it will take 11 days just for the first one.
That's also why brute force is not usually the best strategy, but it of course depends a lot on the info you have and especially on how confident you are that the passwords are 100% randomly generated and not human-chosen.
BTW: sometimes it's better to prefer masks with a larger keyspace, because they can be accelerated better (depending also on the hash type etc.). E.g. ?l?l?l?l?l?l?l?l and ?u?l?l?l?l?l?l?l are equivalent to ?l?u,?1?l?l?l?l?l?l?l, but the second one might perform (slightly) better; of course a set of ?a?a?a... at the start would allow even more acceleration.
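A keyspace calculator for .hcmask lines, added here as an example (it is not code from the thread or from hashcat), so that an estimate like the "11 days" above can be checked per mask line before a run. It assumes hashcat's built-in charsets ?l ?u ?d ?s ?a and the comma-separated custom-charset line format philsmd's file uses; the 500 kH/s rate and the SAMPLE file are constructed, and escaped commas and ?b are not handled.

```python
# Added example, not code from the thread or from hashcat: keyspace calculator for
# .hcmask lines ("set1,set2,...,mask", custom sets referenced as ?1..?4). Assumes
# hashcat's built-in charsets ?l ?u ?d ?s ?a (?s = space plus 32 ASCII punctuation
# characters); escaped commas and ?b are not handled.
import string
BUILTIN = {"l": set(string.ascii_lowercase), "u": set(string.ascii_uppercase),
           "d": set(string.digits), "s": set(" " + string.punctuation)}
BUILTIN["a"] = BUILTIN["l"] | BUILTIN["u"] | BUILTIN["d"] | BUILTIN["s"]

def _tokens(spec):
    """Yield (is_set, value): (True, "l") for ?l, (False, "x") for a literal x or ??."""
    i = 0
    while i < len(spec):
        if spec[i] == "?" and i + 1 < len(spec):
            yield (spec[i + 1] != "?", spec[i + 1])
            i += 2
        else:
            yield (False, spec[i])
            i += 1

def expand_charset(spec, custom):
    """Expand a charset spec such as "?l?d*!$@_" into the set of characters it denotes."""
    sets, chars = {**BUILTIN, **custom}, set()
    for is_set, v in _tokens(spec):
        chars |= sets[v] if is_set else {v}  # KeyError for an undefined ?x
    return chars

def hcmask_keyspace(line):
    """Number of candidates one .hcmask line ("set1,...,mask") generates."""
    fields = line.strip().split(",")
    custom = {}
    for n, spec in enumerate(fields[:-1], start=1):
        custom[str(n)] = expand_charset(spec, custom)  # ?2 may itself use ?1
    sets, size = {**BUILTIN, **custom}, 1
    for is_set, v in _tokens(fields[-1]):
        size *= len(sets[v]) if is_set else 1  # a literal position has one choice
    return size

def file_keyspace(text):
    """Total keyspace of an .hcmask file (blank lines and # comment lines skipped)."""
    lines = [l for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]
    return sum(hcmask_keyspace(l) for l in lines)

def days_to_exhaust(keyspace, hashes_per_second):
    """Wall-clock days needed to run the whole keyspace at a constant hash rate."""
    return keyspace / hashes_per_second / 86400
# Constructed sample: two single-charset masks plus the combined form philsmd mentions.
SAMPLE = "?l?l?l?l?l?l?l?l\n?u?l?l?l?l?l?l?l\n?l?u,?1?l?l?l?l?l?l?l\n"
print({l: hcmask_keyspace(l) for l in SAMPLE.splitlines()},
      round(days_to_exhaust(file_keyspace(SAMPLE), 500_000), 1))  # 500 kH/s is an assumed rate
```

Feeding the whole 24-line file from the post above through file_keyspace gives the number to divide by your own benchmarked rate instead of trusting the ETA hashcat prints for the first line only.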