I would like to share an update to a toolkit built to aid in password
cracking and analysis attacks.
PACK (Password Analysis and Cracking Toolkit) is a collection of
utilities for analysis of plaintext passwords to find common patterns such as
word mangling rules, password masks and source words. All of the tools
produce output for the Hashcat password cracker.
The latest update includes a rule generation engine (rulegen.py)
which uses a Reverse Levenshtein Paths algorithm to reverse word
mangling rules. For example, the analysis of the password "1P@SSW0D" would
produce the following rules and source words in the Hashcat format:
[+] Password => ^1 sa@ u sO0 D7 => 1P@SSW0D
[+] Password => ^1 sa@ u D6 sR0 => 1P@SSW0D
Using the above information you could attempt to recover passwords
using similar rules and/or source words.
Other tools in the kit can produce similar analysis of character-set
masks used to produce passwords. For example, "Password123" would produce a
mask ?u?l?l?l?l?l?l?l?d?d?d that could in turn be applied against hashes
that have not yet been recovered. Finally, you can get general password
statistics such as length, character sets and other patterns.
PACK (Password Analysis and Cracking Kit) source and documentation:
http://thesprawl.org/projects/pack/
Automatic Password Rule Analysis and Generation research paper:
http://thesprawl.org/research/automatic-password-rule-analysis-generation/
Sincerely,
-Peter
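
The rule and mask examples in the message above can be checked by hand. The following is an added example, not code from PACK or from the author: a small interpreter for only the four Hashcat rule functions that appear in the post (^X, sXY, u, DN) plus a per-character mask derivation. The function names apply_rule, mask_for and verify are hypothetical.

```python
import string

def apply_rule(word, rule):
    """Apply a space-separated Hashcat rule, supporting only the four
    functions used in the post's example: ^X, sXY, u and DN."""
    for op in rule.split():
        fn, args = op[0], op[1:]
        if fn == "^" and len(args) == 1:      # prepend character X
            word = args + word
        elif fn == "s" and len(args) == 2:    # replace every X with Y
            word = word.replace(args[0], args[1])
        elif fn == "u" and not args:          # uppercase all letters
            word = word.upper()
        elif fn == "D" and len(args) == 1:    # delete the character at position N
            n = int(args, 36)                 # positions are 0-9, then A-Z
            word = word[:n] + word[n + 1:]    # no-op when N is past the end
        else:
            raise ValueError(f"unsupported rule function: {op!r}")
    return word

def mask_for(password):
    """Map each character to its Hashcat built-in charset placeholder."""
    out = []
    for ch in password:
        if ch in string.ascii_lowercase:
            out.append("?l")
        elif ch in string.ascii_uppercase:
            out.append("?u")
        elif ch in string.digits:
            out.append("?d")
        elif ch == " " or ch in string.punctuation:
            out.append("?s")
        else:
            out.append("?b")                  # anything else: full byte range
    return "".join(out)

def verify(source, rules, target):
    """Return {rule: True/False} for whether rule(source) reproduces target."""
    return {rule: apply_rule(source, rule) == target for rule in rules}

if __name__ == "__main__":
    # Source word, rules and password taken from the post's example output.
    rules = ["^1 sa@ u sO0 D7", "^1 sa@ u D6 sR0"]
    for rule, ok in verify("Password", rules, "1P@SSW0D").items():
        print(f"{rule:<18} reproduces password: {ok}")
    print(mask_for("Password123"))
```

Both rules reach the same password by different edit paths, which is why the tool reports more than one rule per source word.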
PACK 0.0.3 - Password Analysis and Cracking Kit