08-12-2017, 03:44 AM
I was reading this article about a fingerprint attack and decided to try it. The results on a picked clean by multiple dictionary attacks and a few rule attacks hashlist is impressive (in 27 min I got about 2.4% of the remaining). However, I noticed that the founds are 8 characters max. Looking at expander's source, that makes sense as the max pattern length is hard coded as 4 and 4+4 =8. I could take the source and increase that number and recompile, but should I?
The reason I ask is I've got lots of passwords longer than 8 characters I found by the earlier mentioned methods. I've found five 31 character passwords! So I'm pretty sure some of the remaining un-cracked hashes are more than 8 characters.
But I also suspect the 4 limit wasn't arbitrarily chosen. Can someone shed some light on what my next step should be to use the attack on the 9+ character passwords? Maybe combinator my expander dictionary with itself to make a new dict and then run the combinater with the new and old dict? Or would switching to rules be [in general] a better strategy?
[url=https://www.question-defense.com/2010/08/15/automated-password-cracking-use-oclhashcat-to-launch-a-fingerprint-attack][/url]
The reason I ask is I've got lots of passwords longer than 8 characters I found by the earlier mentioned methods. I've found five 31 character passwords! So I'm pretty sure some of the remaining un-cracked hashes are more than 8 characters.
But I also suspect the 4 limit wasn't arbitrarily chosen. Can someone shed some light on what my next step should be to use the attack on the 9+ character passwords? Maybe combinator my expander dictionary with itself to make a new dict and then run the combinater with the new and old dict? Or would switching to rules be [in general] a better strategy?
[url=https://www.question-defense.com/2010/08/15/automated-password-cracking-use-oclhashcat-to-launch-a-fingerprint-attack][/url]