Automatically generating wordlist mangling rules, part 4 – the results

The results of the previously documented approach have not been incredibly good. The goal was to fine-tune a set of mangling rules so that it would be possible to find “hard” passwords not attainable by brute force, statistical approaches, or hand-tuned rules. It does find some passwords, even on lists that have been heavily attacked by scores of other attackers. It is, however, far from being a game changer.

You will find a sample of the generated rules here. It was generated by analyzing 1976 rules with a custom Wikipedia-generated dictionary (18224931 lines) against the rockyou password set. To use it with JtR, you just have to remove the [NBPWD=xxx] part and paste the rules after a rule header in john.conf.
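The conversion step described above, as an added example (not code from the original post or from JtR). It assumes the `[NBPWD=xxx]` annotation holds a number and sits on the same line as its rule; the section name `Generated`, the sample rules and the sample john.conf text are all constructed for illustration.

```python
import re

# Annotation the post says to remove. Its position on the line is an assumption,
# so it is removed wherever it occurs, together with only the whitespace next to it
# (the rest of the rule, including any trailing space, is left untouched).
NBPWD_TAG = re.compile(r"\s*\[NBPWD=\d+\]\s*")

def clean_rules(annotated_text):
    """Return the rules without their [NBPWD=n] tag, in file order, deduplicated."""
    rules, seen = [], set()
    for line in annotated_text.splitlines():
        rule = NBPWD_TAG.sub("", line)
        if rule.strip() and rule not in seen:
            seen.add(rule)
            rules.append(rule)
    return rules

def add_to_john_conf(conf_text, rules, section="Generated"):
    """Paste rules right after the [List.Rules:<section>] header; add the section if absent."""
    header = "[List.Rules:%s]" % section  # hypothetical section name
    lines = conf_text.splitlines()
    for i, line in enumerate(lines):
        if line.strip() == header:
            lines[i + 1:i + 1] = rules
            break
    else:
        lines += ["", header] + rules
    return "\n".join(lines) + "\n"

# Constructed sample input: annotated rules in the assumed layout.
SAMPLE_RULES = """\
[NBPWD=412] l $1
[NBPWD=97] c $[0-9]
[NBPWD=97] c $[0-9]

[NBPWD=15] u r
"""
# Constructed john.conf fragment with an empty target section.
SAMPLE_CONF = """\
[List.Rules:Wordlist]
:
[List.Rules:Generated]
"""

if __name__ == "__main__":
    print(add_to_john_conf(SAMPLE_CONF, clean_rules(SAMPLE_RULES)), end="")
```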


3 thoughts on “Automatically generating wordlist mangling rules, part 4 – the results”

  1. The link is not working. I hope you can bring it back up. I have been working on my own personal rulesets but focusing on using as few rules as possible before the ruleset starts to look like the kotex john.conf.
