Hello fulldisclosure, I would like to share an update to a toolkit built to aid in password cracking and analysis attacks.
PACK (Password Analysis and Cracking Toolkit) is a collection of utilities for analysis of plaintext passwords to find common patterns such as word mangling rules, password masks and source words. All of the tools produce output for the Hashcat password cracker. The latest update includes a rule generation engine (rulegen.py) which uses a Reverse Levenshtein Paths algorithm to reverse word mangling rules. For example, the analysis of the password "1P@SSW0D" would produce the following rules and source words in the Hashcat format: [+] Password => ^1 sa@ u sO0 D7 => 1P@SSW0D [+] Password => ^1 sa@ u D6 sR0 => 1P@SSW0D Using the above information you could attempt to recover passwords using similar rules and/or source words. Other tools in the kit can produce similar analysis of character-set masks used to produce passwords. For example, "Password123" would produce a mask ?u?l?l?l?l?l?l??d?d?d that once more could be applied against still uncovered hashes. At last, you can get general password statistics such as length, character sets and other patterns. PACK (Password Analysis and Cracking Kit) source and documentation: http://thesprawl.org/projects/pack/ Automatic Password Rule Analysis and Generation research paper: http://thesprawl.org/research/automatic-password-rule-analysis-generation/ Sincerely, -Peter _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/