| Probabilistic Password Cracker | Jul 22, '11 4:53 AM for everyone |
mr. hanster
- The version included on the CD is still very much in the Beta phase since I'm right in the middle of completely rewriting the training program to add new features. The main limitations include
- The training program has "issues" when being trained on passwords that include non-ASCII characters. There's a workaround, but it's really messy.
- Currently the training program doesn't learn case information from the training password set
- The training program doesn't learn letter replacement rules from the training password set
- Need to integrate CUPPS support, (from the remote-exploit team), so we can better make use of collected information, (birthdays/children names/etc), in our password cracker.
- It would be nice to integrate dictionary evaluation into the training program instead of having to use a different program, (aka passPattern).
- Add support so the trainer can create multiple named rulesets automatically, (rather than overwriting the last ruleset forcing the user to manually back it up).
- General performance improvements in the password guess generator itself
- Saving session state information from the guess generator so it can be stopped/restarted
- Add the ability to detect user input and output the current guess/status to stderr
The version on the DVD is already trained on the MySpace password set which we've found has been fairly effective, (this was the list of MySpace passwords that were stolen by phishers several years ago). Please note, when you train the password cracker on a new list it will overwrite the previous rules. To train the password cracker on a new list, just run
./process.py <training list>
The training list should be a newline separated file of the raw password values. Aka
password1
password2
2password
…………
First you need to build the password cracker from the source files. It has been tested on Ubuntu Desktop, and MacOSX, (with Xcode installed). To build the executable, simple type:
./make
Once the executable has compiled, (hopefully without errors), it is ready to run. Currently it is fairly stupid, (I'll blame the program vs. my programming skills), so it needs to be run from the directory it is installed in, (I need to strip the path info off from the command line and use it in future versions). Also, the training grammar, (aka rules), need to be installed in the same directory as well. You should have three folders, "./grammar", "./digits", and "./special" that represent the full training grammar. These folders will be filled with various files labeled such as "1.txt" or "structures.txt" which contain the probability information gathered from the passwords it was trained upon.
To run the program type
./pcfg_manager <options>
Options:
-dname[0-9] <dictionary name>
<REQUIRED>: The input dictionary name
Example: -dname0 common_words.txt-dprob[0-9] <dictionary probability>
<OPTIONAL>: The input dictionary's
probability. If not specified set to 1.0
Example: -dprob0 0.75-removeUpper <OPTIONAL>: don't use words from the
input dictionary that have uppercase chars-removeSpecial <OPTIONAL>: don't use words from the
input dictionary that have special chars-removeDigits <OPTIONAL>: don't use words from the
input dictionary that have digits
Generally I've found it to be more effective to use the -remove options and let the program, vs the input dictionary determine where to use special characters and digits. The one exception is the -removeUpper option which can allow you to attack case mangled words by using an input dictionary that contains words where different case mangling rules have already applied to them.
The -dprob option ranges from 1.0 to 0.00, and should be set based on what percentage of the passwords you expect the input dictionary to crack. For example a very large input dictionary might have a probability of 0.78. Note, the program is smart enough to assign a final probability by taking into account the probability set by the -dprob option and the size of the input dictionary. This way, even though a very small but highly effective input dictionary might have a -dprob setting of 0.05, and a much larger input dictionary might have a -dprob setting of 0.40, the smaller dictionary will be used more often. Also, duplicate dictionary words will be removed from multiple dictionaries, with the duplicated word being assigned to the dictionary with the highest final probability. For example, the word "football" may show up in several of the input dictionaries that are used, but the password guess generator will place it in the most probable input dictionary to maximize the amount of times it is used.
I included an additional program, passPattern, which measures the effectiveness of input dictionaries by using the idea of edit-distance. It can be used in conjunction with our probabilistic password cracker to assign a value for the -dprob option. In addition, this program creates a golden dictionary of all the words found that would have cracked passwords in the training set which allows you to combine several input dictionaries into a single best of breed dictionary. Also it stores all passwords that would not have been cracked in the file "unclassified.txt." I have found this very useful for narrowing down the number of passwords I need to manually inspect when looking for new mangling rules. Finally, it records the word mangling rules used and how often they were used in the file "editFile.txt". To run this program, first use the make option to compile it and then type
./passPattern <dictionary> <password list>
The options should be fairly self explanatory.
Downloads bak url : http://good.gd/1339345.htm
0 comments:
Post a Comment