PACK包装说明

PACK是为了在密码帮助开裂竞争“笑死我,如果你能”的Defcon黑客大会2010年这个工具包的目标是通过分析常见的方式,人们以帮助准备“比暴力破解好”的口令攻击的过程中发生开发创建密码。后的分析阶段,统计数据库可以被用于产生攻击口罩如oclHashcat工具。注:该工具本身无法破解密码,而且还帮助其他工具破解更多的密码更快。 资料来源:http://thesprawl.org/projects/pack/

PACK首页 | 卡利PACK回购

  • 作者:iphelix

  • 许可:GPLv3的

    0x01 包含在驮包工具

    dictstat - 生成字典文件统计

    
:~# dictstat -h
[?] Psyco is not available. Install Psyco on 32-bit systems for faster parsing.
Usage: dictstat [options] passwords.txt
Options:
--version             show program's version number and exit
-h, --help            show this help message and exit
-l 8, --length=8      Password length filter.
-c loweralpha, --charset=loweralpha
                      Password charset filter.
-m stringdigit, --mask=stringdigit
                      Password mask filter
-o masks.csv, --maskoutput=masks.csv
                      Save masks to a file

    0x02 maskgen - 生成hashcat口罩

    
:~# maskgen -h
Usage: maskgen [options] masksfile.csv
Options:
--version             show program's version number and exit
-h, --help            show this help message and exit
--minlength=8         Minimum password length
--maxlength=8         Maximum password length
--mintime=MINTIME     Minimum time to crack
--maxtime=MAXTIME     Maximum time to crack
--complexity=COMPLEXITY
                      maximum password complexity
--occurence=OCCURENCE
                      minimum times mask was used
--checkmask=?u?l ?l ?l ?l ?l ?d
                      check mask coverage
--showmasks           Show matching masks
--pps=1000000000      Passwords per Second

    0x03 policygen - 生成hashcat口罩

    
:~# policygen -h
Usage: policygen [options]
Type --help for more options
Options:
--version             show program's version number and exit
-h, --help            show this help message and exit
--length=8            Password length
-o masks.txt, --output=masks.txt
                      Save masks to a file
--pps=1000000000      Passwords per Second
-v, --verbose
Password Policy:
  Define the minimum (or maximum) password strength policy that you
  would like to test
  --mindigits=1       Minimum number of digits
  --minlower=1        Minimum number of lower-case characters
  --minupper=1        Minimum number of upper-case characters
  --minspecial=1      Minimum number of special characters
  --maxdigits=3       Maximum number of digits
  --maxlower=3        Maximum number of lower-case characters
  --maxupper=3        Maximum number of upper-case characters
  --maxspecial=3      Maximum number of special characters

    0x04 dictstat用法示例

    生成的统计信息的密码与包含在单词表RockYou的 (rockyou.txt)10(-l 10)的长度

    
:~# dictstat -l 10 rockyou.txt 
[?] Psyco is not available. Install Psyco on 32-bit systems for faster parsing.
[*] Analyzing passwords: rockyou.txt
[+] Analyzing 14% (2013690/14344392) passwords
  NOTE: Statistics below is relative to the number of analyzed passwords, not total number of passwords
[*] Line Count Statistics...
[+]                        10: 100% (2013690)
[*] Mask statistics...
[+]               stringdigit: 37% (750966)
[+]                  alldigit: 23% (478224)
[+]                 allstring: 22% (452145)
[+]                 othermask: 04% (90240)
[+]               digitstring: 03% (78964)
[+]         stringdigitstring: 02% (59783)
[+]       stringspecialstring: 01% (33178)
[+]        stringspecialdigit: 01% (25295)
[+]             stringspecial: 01% (22176)
[+]          digitstringdigit: 00% (17290)
[+]      specialstringspecial: 00% (3459)
[+]             specialstring: 00% (1767)
[+]                allspecial: 00% (203)
[*] Charset statistics...
[+]             loweralphanum: 41% (836189)
[+]                   numeric: 23% (478224)
[+]                loweralpha: 20% (416961)
[+]      loweralphaspecialnum: 03% (66553)
[+]         loweralphaspecial: 02% (55720)
[+]             mixedalphanum: 02% (54199)
[+]             upperalphanum: 02% (47431)
[+]                upperalpha: 00% (19723)
[+]                mixedalpha: 00% (15461)
[+]      mixedalphaspecialnum: 00% (9014)
[+]         mixedalphaspecial: 00% (6856)
[+]      upperalphaspecialnum: 00% (3699)
[+]         upperalphaspecial: 00% (3457)
[+]                   special: 00% (203)
[*] Advanced Mask statistics...
[+]      ?d?d?d?d?d?d?d?d?d?d: 23% (478224)
[+]      ?l?l?l?l?l?l?l?l?l?l: 20% (416961)
[+]      ?l?l?l?l?l?l?l?l?d?d: 10% (213117)
[+]      ?l?l?l?l?l?l?d?d?d?d: 07% (160596)
[+]      ?l?l?l?l?l?l?l?l?l?d: 06% (129833)
[+]      ?l?l?l?l?l?l?l?d?d?d: 04% (87613)
[+]      ?l?l?l?l?d?d?d?d?d?d: 01% (33277)

    0x05 policygen用法示例

    生成Hashcat掩模为 8(-length = 8)和 含有至少1个大写字母 长度 (-minupper 1)和至少 1位数 (-mindigit 1), 节约了掩模 一个文件 (-o complexity.hcmask)

    
:~# policygen --length=8 --minupper 1 --mindigit 1 -o complexity.hcmask
[*] Password policy:
[+] Password length: 8
[+] Minimum strength: lower: 0, upper: 1, digits: 1, special: 0
[+] Maximum strength: lower: 8, upper: 8, digits: 8, special: 8
[*] Total Masks:  65536 Runtime: [76d|1834h|110078m|6604680s]
[*] Policy Masks: 52670 Runtime: [40d|977h|58659m|3519568s]

:~# head complexity.hcmask 
?l?l?l?l?l?l?u?d
?l?l?l?l?l?l?d?u
?l?l?l?l?l?u?l?d
?l?l?l?l?l?u?u?d
?l?l?l?l?l?u?d?l
?l?l?l?l?l?u?d?u
?l?l?l?l?l?u?d?d
?l?l?l?l?l?u?d?s
?l?l?l?l?l?u?s?d
?l?l?l?l?l?d?l?u

    原文来自:https://www.hackfun.org/kali-tools/pack_zh.html。转载请注明原出处,商用请联系原作者授权。

results matching ""

    No results matching ""