I'm brand new to oclhashcat, but it looks really powerful compared to the existing gpu crackers out there, especially with the dictionary/hybrid attacks thrown in.
In general i see better (higher) entropy in position 2, 3 and 4 of passwords than in position 1. If the usual complexity requirements exists (Windows; 3 of 4 character groups), maybe 50% will have first character uppercase letter, than 5-7 lowercase, and then either 2 or 4 digits at the end (date/age/year in XX or XXXX format...)
Could per position charset support be implemented in some way, in order to do smarter "bruteforcing", leaving out lots of the not-so-common combinations?
Best regards,
Per Thorsheim
securitynirvana.blogspot.com
i am not sure if i understood you 100% correctly. but if i do, then you are lucky. it is already implemented in.
using the mask you described, you need to run oclhashcat 6 times
oclHashcat.exe example.hash -1 ?l?u ?1?l?l?l ?l?l?d?d
oclHashcat.exe example.hash -1 ?l?u ?1?l?l?l ?l?l?l?d?d
oclHashcat.exe example.hash -1 ?l?u ?1?l?l?l ?l?l?l?l?d?d
oclHashcat.exe example.hash -1 ?l?u ?1?l?l?l ?l?l?d?d?d?d
oclHashcat.exe example.hash -1 ?l?u ?1?l?l?l ?l?l?l?d?d?d?d
oclHashcat.exe example.hash -1 ?l?u ?1?l?l?l ?l?l?l?l?d?d?d?d
Let me explain a bit more. I do password analysis, primarily of Windows LM/NTLM hashes. dictionary/hybrid/RT/bruteforce, you name it.
I've got some personal tools to do the analysis, one gives me this output (for NTLM passwords):
Rank Pos 1 Count 1 Pos 2 Count 2 Pos 3 Count 3
1 B 2706 r 3214 u 2668
2 A 977 a 2193 r 1554
3 T 712 e 1646 n 1463
4 M 709 o 1440 l 1161
5 S 659 i 1103 s 867
6 O 517 u 743 e 851
7 E 495 n 519 a 775
8 a 453 l 487 i 672
9 s 449 p 392 t 592
10 t 403 t 375 m 535
Read the columns; First character position, uppercase B is the most popular character, uppercase A the second most character etc. Second character position: lowercase r is the most common, than lowercase a, e, o, i etc.
In environments where complexity requirements are present, there's a 40-50% chance the most popular password format is UL....LLDD (4-6 lowercases in the middle there).
Som my feature request would be a config file, (UTF-8?), where i can either vertically or horizontally list the characters i want to test in every position:
Horizontal config:
BATMSOE
raeoiun
urnlsea
would test Bru...Ena
Best regards,
thorsheim
(06-07-2010, 11:29 PM)thorsheim Wrote: [ -> ]Let me explain a bit more. I do password analysis, primarily of Windows LM/NTLM hashes. dictionary/hybrid/RT/bruteforce, you name it.
I've got some personal tools to do the analysis, one gives me this output (for NTLM passwords):
Rank Pos 1 Count 1 Pos 2 Count 2 Pos 3 Count 3
1 B 2706 r 3214 u 2668
2 A 977 a 2193 r 1554
3 T 712 e 1646 n 1463
4 M 709 o 1440 l 1161
5 S 659 i 1103 s 867
6 O 517 u 743 e 851
7 E 495 n 519 a 775
8 a 453 l 487 i 672
9 s 449 p 392 t 592
10 t 403 t 375 m 535
Read the columns; First character position, uppercase B is the most popular character, uppercase A the second most character etc. Second character position: lowercase r is the most common, than lowercase a, e, o, i etc.
In environments where complexity requirements are present, there's a 40-50% chance the most popular password format is UL....LLDD (4-6 lowercases in the middle there).
Som my feature request would be a config file, (UTF-8?), where i can either vertically or horizontally list the characters i want to test in every position:
Horizontal config:
BATMSOE
raeoiun
urnlsea
would test Bru...Ena
Best regards,
thorsheim
Part of the answer is that you have up to 4 masks you can use so the attack would look like this:
Code:
oclHashcat.exe example.hash -1 BATMSOE -2 raeoiun -3 urnlsea ?1?2?3?l ?l?d?d
I am not sure if the program will reorder the letters before making the combinations but at least you will have the group of most important ones.