Download presentation
Presentation is loading. Please wait.
1
Play by your own rules! Tatiana Mikhailova
2
Problem Why do we need rules? TO BREAK FREE OF COURSE!
3
Using dictionaries with and without rules
4
./hashcat-cli64.bin -r rule --stdout word
Hashcat rules ./hashcat-cli64.bin -r rule --stdout word
5
Testing existing rules
wc -l /hashcat/rules/* Rule set Number of rules best64.rule 64 d3ad0ne.rule 35406 dive.rule 123289 generated.rule 14734 leetspeak.rule 29 oscommerce.rule 256 rockyou rule 211 # random rules that produced good results }}}}}}}}*15'4 }}}}}}Y4'4d }}}}}'5'4p1 }}}}}'5 }}}}'4 }}}} }}}: }}} }}D1{ }} }x32 }x14
6
Attack scenario
7
Attack scenario 54b3f4bd6d 43cc7216b7f f064af97926 ….
8
Attack scenario Password123 hashcat (rockyou+best64.rule) Gfhjkmm88
1q2w3e4r5t hashcat (rockyou+best64.rule)
9
Attack scenario Password123 hashcat (rockyou+best64.rule) Gfhjkmm88
1q2w3e4r5t hashcat (rockyou+best64.rule)
10
Testing rules with the rockyou wordlist
Rockyou.txt ~ Rules Result Number of rules Cracked best64 23.50 64 d3ad0ne 50.46 35406 553 dive 54.09 123289 1926 HashManager 47.27 6746 105 PasswordsPro 45.18 3254 50 T0XlC 39.8 4089 63
11
Existing short rule sets
12
Existing short rule sets
13
It’s very funny and interesting!... The first 100 passwords
Password analysis 20k passwords Take password Disassemble Find out word Find out mutations goto 1 It’s very funny and interesting!... The first 100 passwords
14
Figuring out patterns Password Pattern Bezopasnost’1984
c(translit(rus_word))|year flower date|word 123Tanya! ^3^2^1c(name)$! vjcrdf2017 layout(r_word)|year Pattern Result с(word) Word word|date word date|word word word|digits word555, word123 word$(symbol) word!, word% word$c(letter)$(letter) wordAs
15
Applicability for any word length Dictionary dependency Uniqueness
Making rule sets “Requirements” Logic Applicability for any word length Dictionary dependency Uniqueness E.g. Years, dates, digit sequences
16
Patterns and wordlists
Name, surname Russian word in English layout Russian word in translit English word Patterns c(word)$year c(word) c(word)$d$d c(word)$sequence c(word)$d$d$d word$d$d$d c(word)$d
17
Patterns and wordlists
18
Patterns and wordlists
19
Patterns and wordlists
20
11000 rules 11000*100*100=110 000 000 100 wordlists 100 hash lists
Testing 11000*100*100= 11000 rules 100 wordlists 100 hash lists 32 test lists 24h = sec /86400= 1273 days
21
Wow, finished!
22
Рейтинги правил Hash files Wordlists Rules Wordlist + Rule
Testing architecture Hash files Wordlists Rules Wordlist + Rule String apply_rule(String word, String rule) ? Рейтинги правил Result Recovered passwords
23
Wordlists vs password dictionaries
Popular rules: ]] $ ]]c co93 ]]] ‘7$1 cTBiB+ [[[[u Wordlist Rule Password Password dictionary moscow c$2$0$1$7 Moscow2017 Moscow2016 ]$7 o97 c$2$0$1$6$! Moscow2016! $! kitty $1$2$3 kitty123 Kitty111 l]]$2$3 Оптимизация/ что вышло изначально - очень МУСОРНО Обычный словарь Пример для обычного словаря и ПАРОЛЬНОГО СЛОВАРЯ Снова тестирование
24
Сформировалось что-то
Testing again Make short rule sets best64 best32 Testing Compare results with well-known rules Take the best ones ... Profit! !Don’t forget! Train on one data, test on another Сформировалось что-то В ходе анализа , самые популярные правила это вот такие
25
best64.rule hoboRules.rule nsa.rule 9.82 11.22
Results Rules Result best64.rule 8.75 hoboRules.rule 8.97 nsa.rule 7.88 best32.rule_1 9.13 best32.rule_2 9.82 best64.rule_1 10.91 best64.rule_2 11.22 *rockyou best64_1 29.36 best64_2 29.32 best32_1 25.41 best32_2 25.85 best64 23.50
26
Best rules : $2 $9 $0 $2$3 c $1 $3 c$! $1$1 $4 c$1 $1$2$3 $5 c$1$2
$1$2$3$4 $6 c$1$2$3 $1$2$3$4$5 $7 c$1$2$3$4 $1$2$3$4$5$6 $8 c$1$2$3$4$5 c$1$2$3$4$5$6 c$2 c$3 c$2$0$1$6 c$2$0$1$7 crT0r
27
https://github.com/ttmyst/tmyst_rules @imtatyanaa
Links @imtatyanaa
Similar presentations
© 2025 SlidePlayer.com Inc.
All rights reserved.