The following is a basic analytical method used to evaluate and assess target data sets and develop test cases to efficiently apply your password cracking resources.

## 1) Determine the speed of your machine

Before you begin, make sure that you benchmark your CPU. This is important if you are going to be working with files >= 1GB. It is also important to understand how the tools you select will run on your current configuration. The speeds that matter for this activity are CPU, GPU and SSD read/write speeds.

```bash
john --test
hashcat -b
```

Based on these results you will be able to better assess your analysis options. Save these results, as they will be useful for future reference.

## 2) Begin your planning

Start by looking at the cleartext patterns to verify that the data is prepared properly.

```bash
head <file>
```

While you are looking, you can dive deeper into your target data and start to see which easy-to-spot patterns or policies are present in the dataset.

If you are working with a large set of cleartext passwords (in excess of 1 million), break the set into smaller workable subsets. Do not sort/uniq this data: you want duplicates to appear so that they are represented appropriately during your statistical analysis.

## 3) Analyze Passwords

Using your tool(s) of choice, take the cleartext list and gather the following data:

- Character Frequency
- Length
- Complexity

Record this data; it will be used later to develop masks that we can use to develop attacks.

Next, conduct some pattern analysis, looking for things like names, common nouns, common verbs, and words specific to the origin of the data set. The list can go on. If you want to take a deep look into uncovering patterns you can read more about it [[Password Pattern Analysis|here]].

## 4) Craft Custom Attacks

Based on your password analysis, [[Advanced Attacks|create custom attacks]] leveraging those known clues or patterns. Examples would be [[Advanced Attacks|custom mask attacks]] or [[Rules]] to fit target users' behavior or preferences.

## 5) Create Advanced Attacks

Experiment with [[Princeprocessor]], custom [[Markov-chains]], [[maskprocessor]], or custom dictionary attacks to generate sample data sets that reflect the keyspace boundaries that you have identified. This is where your expertise and creativity really come into play.

## 6) Repeat

Repeat this loop, manipulating variables that will provide different output. Take breaks as needed to let your brain cool down.

#methodology #concepts #tools

[[Home]]
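The statistics listed in step 3 (character frequency, length, complexity) can be gathered in one pass over the cleartext list. The following is an added example, not code from the original page or from any tool it names. The `SAMPLE` list is constructed, the function names are hypothetical, and the per-position structure is written with hashcat's built-in charset tokens (`?l`, `?u`, `?d`, `?s`).

```python
from collections import Counter
import string

# Constructed sample list (not real data). Duplicates are kept on purpose,
# as step 2 requires, so repeated passwords weigh more in the statistics.
SAMPLE = [
    "Summer2023!", "password", "password", "Welcome1", "Summer2023!",
    "qwerty123", "P@ssw0rd", "letmein", "Welcome1", "Summer2023!",
]

def char_class(ch):
    """Map one character to a hashcat built-in charset token."""
    if ch in string.ascii_lowercase:
        return "?l"
    if ch in string.ascii_uppercase:
        return "?u"
    if ch in string.digits:
        return "?d"
    if ch in string.punctuation or ch == " ":
        return "?s"
    return "?b"  # non-ASCII, counted as one unit here (a simplification)

def analyze(passwords):
    """Return length, character, complexity and structure counters."""
    lengths, chars = Counter(), Counter()
    complexity, structure = Counter(), Counter()
    for pw in passwords:
        if not pw:
            continue  # skip blank lines from the input file
        classes = [char_class(c) for c in pw]
        lengths[len(pw)] += 1
        chars.update(pw)
        complexity[len(set(classes))] += 1  # distinct character classes used
        structure["".join(classes)] += 1    # per-position class pattern
    return {"length": lengths, "chars": chars,
            "complexity": complexity, "structure": structure}

def report(stats, top=3):
    """Print the most common values of each statistic with their share."""
    for name, counter in stats.items():
        total = sum(counter.values())
        print(f"[{name}]")
        for value, n in counter.most_common(top):
            print(f"  {value!s:<24} {n:>3}  {100 * n / total:5.1f}%")

if __name__ == "__main__":
    report(analyze(SAMPLE))
```

To run it on a file instead of the sample, pass the lines with their trailing newline stripped; deduplicating first would flatten the counts.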