The dictstat Python script is a great little tool for password cracking results analysis or for regular wordlist analysis. The dictstat application is located in the /pentest/passwords/pack directory on Backtrack 5 R3 and can be run using “python dictstat.py” from within that directory. Written by iphelix during the 2010 Crack Me If You Can password cracking competition and is part of a larger toolset called PACK or Password Analysis and Cracking Kit. Below we show some examples of dictstat in action along with some details of the available parsing mechanisms that are in place.
Recently our friends working on the Hashcat projects had a open community challenge called The Best64 Challenge or TB64C. The reason being the fact that TB64C was to improve the most widely used ruleset that comes with all of the Hashcat products including oclHashcat-plus, oclHashcat-lite, hashcat, and hascat-gui. There is nothing better than when projects such as Hashcat get the community involved and what better way to do so than to provide a contest for people to provide feedback in the for of personal experience. Anyhow awhile back I wrote an article on tools.question-defense.com that described each of the best64 rules in more detail and there was a request for the article to be updated now that the ruleset has been improved. Below are the details of the new best64.rule file that will be released in all new releases of the Hashcat software line as of 04-21-2012.
As you know we think that oclHashcat is one of the best password crackers available and along with Hashcat and John The Ripper are pretty much the only password crackers we use at this point. Earlier someone asked me to crack some OpenLDAP hashes which come in SHA and SSHA format and the below example includes only the OpenLDAP SHA format hashes.
Today I was having a discussion regarding wordlist size, the calculation to come up with the specific size the wordlist would be once generated, and various other items revolving around password cracking. Somehow the application crunch came up which in the past has been used to generate wordlists however its fairly slow compared to other technologies out there specifically Hashcat/oclHashcat’s Anyhow during the discussion I was doing some searching and had not used crunch in quite a long time but was pleasantly surprised by one of the features which generates a quick, accurate, and useful output of information regarding number of combinations that will be generated from the combinations length plus the character set/wordlists input and how much disk space those the list will take up on the hard drive. Anyhow a couple interesting things I realized tonight using crunch that I wanted to share.
In the past we have written a couple articles on using tshark to strip WPA capture files down to a specific ESSID or SSID but in some cases it can be more useful to strip the capture down by BSSID or MAC address of the WAP. Isolating packets by BSSID or WAP MAC address is useful in a scenario where a wireless deployment has numerous WAP’s and you have captured a specific SSID’s traffic from more than one WAP. Below is information on how to strip down a capture file based on BSSID and information on capture size before stripping the file down.