01-05-2021, 09:27 PM
Hi, so, I have been playing now with hashcat for a while but only recently joined the forum.
So we did a small pentest on our in-house application and managed to get the database of our in-house users. All great. We extracted the hashes in the DB and asked one of the ladies from IT if we can attempt to crack her password. She said: Go for it. She even gave us hints, but I nearly choked on the impossibility. So now I am wondering if I can write an advanced mask filter or something that makes this a bit easier. If anyone can push me in the right direction without generating 239578094589732895473 TB of data, that would be awesome.
Hints were: 14 characters, Numbers and letters and special characters.
So that would make it impossible to realistically crack. She then mentioned this: the password is NOT computer generated. Special characters and numbers are only in the later part of the password and the first part is letters. HOWEVER, she did not state where the later part and the first part start, so I am gonna go with a split down the middle, 7-7, to start with. She even cracked and told us which special characters are NOT in the last part.
Would a good approach be to generate 2 word lists (one with only letters and one with only numbers and special characters)? And can you combine them in a combination attack without blowing it all out of proportion? BTW, it's bcrypt the encryption.
Last question: limiting the character repetition in Maskprocessor etc. would limit the amount of stuff going on, or would this be easier done with a rule?
Thanks for pointing me in the right direction.. :R