This post is about my current attempts to automatically generate pertinent wordlist mangling rules. For those not familiar with the subject, the hypothesis is that people often create passwords based on known words, or sequences of characters that are actually words they do not know about. In order to exploit this, one usually selects a list of common words (the wordlist) and uses it to generate candidate hashes, then checks them against the hashes one wants to crack.
The idea of mangling rules comes from the fact that people often alter a known word in a simple way (for example, adding 1 to the end of the word). I will only cover the rules used in John the Ripper, documented here. These rules will be easily ported to the hashcat family of tools. My approach here is to generate good mangling rules automatically, by starting from a wordlist and a set of passwords.
My approach will be to run a mangling rule on the wordlist, in order to create an alternate wordlist. Then I will list all passwords in my set that can be obtained from a word in the mangled wordlist by adding characters before and after it. I will then solve the related coverage problem to compute a good set of (mangling rule, prefix, suffix) tuples.
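The procedure above, sketched on a small scale as an added example (this is not the software described in this series). It assumes a greedy heuristic for the coverage problem, uses Python stand-ins for five John the Ripper rule commands, and runs on constructed sample data; the function names are hypothetical.

```python
from collections import defaultdict

# Python stand-ins for five John the Ripper rule commands (illustrative subset).
RULES = {
    ":": lambda w: w,          # no-op
    "l": str.lower,            # lowercase
    "c": str.capitalize,       # capitalize
    "u": str.upper,            # uppercase
    "r": lambda w: w[::-1],    # reverse
}

def candidate_tuples(wordlist, passwords):
    """Map each (rule, prefix, suffix) tuple to the set of passwords it explains."""
    covers = defaultdict(set)
    for name, rule in RULES.items():
        mangled = {rule(w) for w in wordlist} - {""}
        for pw in passwords:
            for m in mangled:
                start = pw.find(m)
                while start != -1:  # every position where the mangled word occurs
                    covers[(name, pw[:start], pw[start + len(m):])].add(pw)
                    start = pw.find(m, start + 1)
    return covers

def greedy_cover(covers, budget):
    """Greedy set cover (assumed heuristic): pick the tuple with the largest new gain."""
    chosen, covered = [], set()
    for _ in range(budget):
        best = max(sorted(covers), key=lambda t: len(covers[t] - covered), default=None)
        if best is None or not covers[best] - covered:
            break  # no remaining tuple explains an uncovered password
        chosen.append((best, len(covers[best] - covered)))
        covered |= covers[best]
    return chosen, covered

# Constructed sample data, not taken from any real password set.
WORDLIST = ["password", "dragon", "monkey"]
PASSWORDS = ["Password1", "Dragon1", "Monkey1", "monkey123",
             "password123", "dragon2024", "MONKEY!"]

if __name__ == "__main__":
    picked, covered = greedy_cover(candidate_tuples(WORDLIST, PASSWORDS), budget=3)
    for (rule, prefix, suffix), gain in picked:
        print(f"rule={rule!r} prefix={prefix!r} suffix={suffix!r} new passwords={gain}")
    print(f"covered {len(covered)} of {len(PASSWORDS)}")
```

Ties between tuples with equal gain are broken by sorted order, which is why the no-op rule `:` is picked over the equivalent `l` on this all-lowercase wordlist.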
In the next episodes I will describe the software I wrote and my first results.