lakiw
/ Installation Instructions: Ventilator Server: Ubuntu 18.04
Last active
April 10, 2020 22:51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Linux Version: Ubuntu 18.04.3 LTS | |
| Install Rails: | |
| sudo apt install curl | |
| curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash - | |
| curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add - | |
| echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list | |
| sudo apt-get update |
lakiw
/ gist:64d1a93106fd501d4d680fffad076e12
Created
November 2, 2017 20:22
Proposed approach to multi word detection in password cracking
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| The main challenge for detecting multi-words for passwords for me has been the lack of good wordlists/dictionaries. | |
| Based on previous experience, my rule of thumb is that a "decent" dictionary will have about a 60% coverage rate for the training set. That number is based on very out of date experiments which quite honestly I need to update, (if you are curious I can look up where in my dissertation I documented them), which is why I consider it more a rule of thumb vs an accurate statement. You can get a higher coverage by increasing the size of your dictionary but at that point the amount of junk in your wordlist starts to make Markov based brute-force sound more attractive. Still, while some people might quible with that 60% coverage statement, (rightfully so), I think it highlights the wordlist issue. If I look for multi-words but the "golden list" I use in training only has 60% coverage then this becomes a harder problem to solve. | |
| In general it seems like a better approach is to build custom dictionarie |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1) Investigate the effectiveness of "remove all character" rule that is no longer supported in Hashcat3.0. Write blog post | |
| 2) Along with the above, update checkpass2.py from the Password Research Tools repo to use shared code from pcfg_manager. Goal is to better support non-english passwords | |
| 3) Write a depth-first search mode for pcfg_manager to better support cracking medium speed hashes. This will not generate guesses in probability order, but it will hopefully generate guesses much faster. | |
| 4) Continue to look at adding #3 directly into hashcat. | |
| 5) Develop a training program that will estimate the occurance of target specific data in the training set. For example names, zip codes, e-mail addresses, etc. This is to better support cracking an individual password vs a large dataset of passwords | |
| 6) Develop a utility to make it easier to modify an existing grammar with target specific data |