09-26-2017, 05:07 PM
Hi All,
I don't know if I'll ever get around to finishing it but I'm thinking of writing a guide to using Prince to generate password guesses. For those not familiar with Prince the base code is available at https://github.com/hashcat/princeprocessor, and is included by default in the JtR bleeding-jumbo release. In a nutshell Prince takes all the words in an input dictionary and combines them multiple times. It's actually much more sophisticated than that description makes it sound like and if you are curious about more of the details I have a very outdated blog post on it at https://reusablesec.blogspot.com/2014/12/...rince.html. This forum post is an attempt to get more information to update it. What I'd like to know is other people's experiences using Prince. If you've used it and are willing to share I'd appreciate it if you could respond to this thread. I'm sure other people would be interested to hear what you have to say as well!
To kick things off I've found it's extremely helpful when using Prince to include a short bruteforce in my wordlist. For example, all values 1 to 3 letters/digits/special characters long. Now, you certainly could limit that to only likely characters, but I usually find myself using Prince on fast hashes so I'm not too focused on optimizing it. The impact of doing that seems to be dramatic vs only using an input dictionary containing cracked passwords. For example, '1' might not be a valid password, but if '1cow1pig' is the password you are trying to crack then without that '1' you likely won't create that combo. Also, I tend to use Prince as a bridge before I do incremental/mask attacks. Aka it's usually not the first attack I run, but I've had good success just letting it go if I don't want to put too much thought into a cracking session and PCFG/dictionary attacks are slowing down. Side note, I've heard many people mention the "prinception" attack where you create an input dictionary using prince then feed that into another instance of prince. I have to admit this puzzles me a bit as it seems like you could get the same results by increasing the number of combos. I'm probably missing something, (I could see the order it makes the guesses being very different due to how PRINCE ranks the chains) so feel free to comment on that.
Thanks! Also I apologize for the double posting here and to the john-users mailing list (archive here: https://www.openwall.com/lists/john-users/2017/09/25/1) but I'd like to get feedback from both cracking communities.
Matt / Lakiw
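Added example for the two points raised in the post above (the short-bruteforce seed and the "prinception" question). This is a toy PRINCE-style chain generator written for this page; it is not princeprocessor's or John the Ripper's code. It keeps only the core idea (concatenate 1..max_elems input words into candidates of a target length) and does not model princeprocessor's chain ranking, so the set of candidates is representative but the guess order is not. The wordlist `CRACKED` and the helper names are constructed for the illustration.

```python
"""Toy PRINCE-style chain generator (added illustration, not princeprocessor code)."""
import itertools
import string

# The 95 printable ASCII characters, the broadest "short bruteforce" alphabet.
PRINTABLE = string.digits + string.ascii_letters + string.punctuation + " "


def short_bruteforce(max_len=3, charset=PRINTABLE):
    """Every string of length 1..max_len over charset: the short-bruteforce seed
    the post recommends adding to the input wordlist. Over all 95 printable
    characters with max_len=3 this is 95 + 95**2 + 95**3 = 866,495 entries."""
    for n in range(1, max_len + 1):
        for chars in itertools.product(charset, repeat=n):
            yield "".join(chars)


def prince_chains(words, min_len, max_len, max_elems):
    """Yield every concatenation of 1..max_elems input words (repetition allowed,
    order significant) whose total length lies within [min_len, max_len].

    Depth-first with length pruning: words longer than max_len can never take
    part, and a branch is abandoned once the remaining length budget is smaller
    than the shortest word that could still be appended. Strings reachable by
    several splits ('ab'+'c' vs 'a'+'bc') are emitted once; that dedup is a
    simplification of this toy, not a statement about princeprocessor."""
    words = sorted({w for w in words if 0 < len(w) <= max_len}, key=len)
    seen = set()

    def extend(prefix, elems):
        if elems and min_len <= len(prefix) <= max_len and prefix not in seen:
            seen.add(prefix)
            yield prefix
        if elems == max_elems:
            return
        budget = max_len - len(prefix)
        for w in words:
            if len(w) > budget:
                break  # words are sorted by length, so nothing later fits either
            yield from extend(prefix + w, elems + 1)

    yield from extend("", 0)


def can_produce(target, words, max_elems=4):
    """True if target is among the chains. Fixing min_len == max_len == len(target)
    makes the pruning tight, so this stays cheap even for a largish wordlist."""
    return any(c == target for c in prince_chains(words, len(target), len(target), max_elems))


def prinception(words, length, inner_elems=2, outer_elems=2):
    """Feed one toy run back into another (the 'prinception' idea). The inner run
    keeps every chain of 1..length characters so single words survive as building
    blocks; the outer run imposes the target length. In this toy the resulting
    set equals one run with inner_elems * outer_elems elements; only the
    (unmodelled) ranking could make the two differ in practice."""
    inner = list(prince_chains(words, 1, length, inner_elems))
    return set(prince_chains(inner, length, length, outer_elems))


# Constructed stand-in for a list of previously cracked passwords.
CRACKED = ["cow", "pig", "password", "dragon"]


def demo(target="1cow1pig"):
    """Why the seed matters: with cracked words only, '1cow1pig' is unreachable
    because no input word supplies the '1'; adding the single digits as a
    1-character bruteforce makes it a 4-element chain (and still not a 3-element one)."""
    seeded = CRACKED + list(short_bruteforce(1, string.digits))
    return {
        "cracked_only": can_produce(target, CRACKED),
        "with_digit_seed": can_produce(target, seeded),
        "with_digit_seed_3_elems": can_produce(target, seeded, max_elems=3),
    }


if __name__ == "__main__":
    print(demo())
    print(prinception(["a", "bb", "ccc"], 4) == set(prince_chains(["a", "bb", "ccc"], 4, 4, 4)))
```

The `max_elems` knob is the toy's analogue of raising the number of combos: every extra element multiplies the search space, which is why the length pruning in `prince_chains` matters once the seed list holds hundreds of thousands of 1- to 3-character entries.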