Cracking The 12+ Character Password Barrier, Literally
12 Characters? Are you serious?!
What do I mean by cracking 12 characters passwords and above? I'm simply stating that with modern hardware, like the "budget" cracking rig, we can almost exhaustively search the highest probability keyspace for candidate passwords, against fast hashes like MD5, NTLM, SHA1, etc..., in a reasonable amount of time. Normally anything above 8 characters isn’t practical and/or feasible to brute force against standard fast hashing algorithms. When factoring in language and human peculiarities, like the average English word is only 4.79 characters long and people preferring multiple common words when creating 10 characters or longer passwords, you are within cracking distance of these passwords. For a quick reference guide to the various cracking tools and their usage check out Hash Crack on Amazon. Also if you're needing a resource to aid in making stronger passwords for your most sensitive accounts, go take a look at the One-Time Grid: Random Password Book for random password generation, creation, and storage.
Why are 12+ character passwords vulnerable?
Practically speaking, people that manually create passwords above 10 characters, for the most part, use common words or phrases. Why do they do this? Because remembering the password "horsebattery123" is way easier than "GFj27ef8%k$39". It's just simple human behavior exhibiting path of least resistance that will always exist and, until auto-generating password managers gain mass adoption, this vulnerability will always be around. I agree that XKCD's password strength cartoon of four random words is sound but only for non-fast hashing algorithms like bcrypt. In this article we will demonstrate Combo and Hybrid Attacks using Hashcat that will expand your cracking knowledge toolkit. These examples will show how an attacker can efficiently attack this larger keyspace, with modern hardware, and make these so called strong passwords succumb to his cracking methodology.
Combo & Hybrid Attack Background
First a quick background of these attack methods:
Combo Attack: all words in two dictionaries are appended to each other.
pass => password, passpass, passlion
word => wordpass, wordword, wordlion
lion => lionpass, lionword, lionlion
Hybrid Attack: a dictionary attack but with the ability to append/prepend a brute-force mask.
pass => passAbc, passBcd, passCde
word => wordAbc, wordBcd, wordCde
lion => lionAbc, lionBcd, lionCde
Let's look at how the Combo attack can help us with passwords that are English words appended to each other, and the best dictionary to get the job accomplished is Google's 10,000 most common words list. This is a list of the 10,000 most common English words in order of frequency, as determined by n-gram frequency analysis of the Google's Trillion Word Corpus. Now lets use an example of two randomly selected english words combined to form a 16 character password like shippingnovember.
Here's how we would combo attack this password with Hashcat if it was hashed as an Md5:
hashcat -a 1 -m 0 hash.txt google-10000.txt google-10000.txt
By having Hashcat combine every word in this list to each other the password falls in less than 1 second using modern hardware. Not too shabby and this attack will still work reasonably well against some of the medium to slower hash types as well.
Before the critics say, "Well you could just capitalize the words or add a digit or special character and you would be fine to form a new password like ShippingNovember. Well let us test that theory real quick. Let's combine that google-10000 dictionary into one single dictionary using Hashcat utils "combinator.bin". This allows us to manipulate the combined words with rules.
combinator.bin google-10000.txt google-10000.txt > google-10000-combined.txt
Now that we have our newly combined dictionary we can just run a rules based attack against the new modified password ShippingNovember using Hashcat like below:
hashcat -a 0 -m 0 hash.txt google-10000-combined.txt -r best64.rule
This one falls in 28 seconds, so much for that theory. And we could create rules to account for added special characters, non-traditional placement, 133t speek, etc... you get the point.
Now using the combined dictionary we just created let's go after a three word random phrase password like "securityobjectivesbulletin"...looks pretty strong right? But since we just created the new "google-10000-combined.txt" dictionary we can use the combo attack again like the following with double-words in the first dictionary and single words in the second dictionary:
hashcat -a 1 -m 0 hash.txt google-10000-combined.txt google-10000.txt
This one could have been a little more difficult if some character variation was added but as you can see the straight random english words fall in 2 seconds. Are you seeing a trend here yet?
Let's go big and attack the XKCD password instructions of four random english words to create a new password "sourceinterfacesgatheredartists". This addition of one more word just drastically increased our keyspace to 10,000,000,000,000,000 candidates, but just like the previous attacks it will fall, mostly because of us using MD5 as the hashing function. Again we will use our newly created "combined" dictionary twice and tell Hashcat to perform a combo attack:
hashcat -a 1 -m 0 hash.txt google-10000-combined.txt google-10000-combined.txt
This cracking attempt could have taken 4 days to complete, using modern hardware, but luckily we found the candidate just 5hrs 35mins into the cracking session. Simple modifications to this password like numbers or special characters in the middle would have made this password beyond our reach but again random common words is no match.
Hybrid Attacks take a little more creativity to find interesting attack plans but it's so much fun when you find that perfect pattern. It's like gold mining for passwords, when you hit that rich vein of patterns and the passwords begin to scroll by in real-time in your terminal, you could almost levitate out of your seat.
Google-10000 + Mask
For the first example we will use our previous work from the Combo Attack demonstration and incorporate the google-10000.txt list to form the base words of our candidate generation. Then we are going to break out PACK (Password Analysis and Cracking Kit) and focus on the hashesorg251015.txt dictionary from weakpass.com. I picked the hashesorg dictionary because of its efficiency rating of 65.9 and its relatively small size. What we will do is analyze the hashesorg dataset and create masks based on the most popular password patterns constrained to a certain character length. These masks will be appended/prepended to our base words from google-10000.txt to form an efficient Hybrid Attack.
Generate initial mask statistics studying passwords of length 5-6 characters and output to a masks file. (Be aware this may take some time to generate)
python statsgen.py hashesorg251015.txt --minlength=5 --maxlength=6 --hiderare -o hashesorg_5or6.masks
Now let's output the masks into Hashcat format into a .hcmasks files so we can use them seamlessly within a Hashcat Hybrid Attack;
python maskgen.py hashesorg_5or6.masks --optindex -o hashesorg_5or6.hcmask
We can now begin the Hybrid Attack using attack mode 6 in Hashcat to append the newly created hashesorg masks file. This will launch a sequential attack beginning with the first mask and working its way down the list. Some attacks will go very quickly and others could take a little more time. For testing purposes we will use a random password 'environmentsqaz472" we know will hit eventually during the attack.
hashcat -a 6 -m 0 hash.txt google-1000.txt hashesorg_5or6.hcmask
This attack took nearly 20 minutes before it eventually cracked reaching the mask ?l?l?l?d?d?d and then it hit with 14 seconds of starting that attack.
Rockyou + Rockyou-1-60.hcmask
Now let's use Hashcat's built-in mask derived from the Rockyou password dataset. The rockyou masks in Hashcat have been broken into smaller chunks that grow in size based on the numbering, which what I assume accounts for the percentage of passwords that fall within that category of masks. We are going to use the smallest .hcmask file rockyou-1-60 because it contains the higher probability masks and it works well with a Hybrid attack. We are also going to pair this with the actual Rockyou passwords which can be retrieved <HERE> at Skullsecurity. Be careful when pairing a mask with a dictionary to ensure the dictionary is not too large, otherwise your attacks will take a VERY long time. I like to keep my Hybrid dictionary size below 500MB and even smaller based on the masks I plan to append/prepend. Let's draw at random from the Rockyou dictionary the password "sophia**!" and we will add an arbitrary date "1996" just like a user would to the front. This leaves us with the password 1996sophia**! to test against. Again this attack is going to run through the lists of mask sequentially contained in the rockyou-1-60 dataset and append to them to every password contained in the Rockyou dictionary.
hashcat -a 7 -m 0 hash.txt rockyou-1-60.hcmask rockyou.txt
This attack hits on a mask of ?d?d?d?d after only a few minutes. Again this is for demonstration purposes but shows the process and power of generating Hybrid Attacks. The rockyou-1-60.hcmask contains 836 different masks representing the top occurrences in the rockyou.txt dictionary, and if that variation isn't enough for you Hashcat includes ALL the masks for the rockyou dataset.
Cut First 5 Chars + Mask
Let's get creative and create our own dictionary and masks to pair with a Hybrid Attack and since we learned that the average English word is 4.79 characters long we will make our dictionary contain words only up to 5 characters long. We will again use the rockyou.txt dictionary for this example. Here is an how we can chop the first 5 characters from the dictionary and sort it uniquely into our new first5_dict.txt dictionary. Depending on your hardware this may take some time to complete. You will also notice this new dictionary comes out to 18MB's in size which is a little on the small side for an attack against MD5 but would be perfect for a slower hash.
cut -c 1-5 rockyou.txt | sort -u > first5_dict.txt
Let's pair this new first5_dict.txt dictionary again with the rockyou-1-60 masks built into Hashcat. Now I know some candidates generated will be below 12 characters but you can always sort out the masks that are below 7 chars and create a new .hcmask file. Now again let's create a random password from the list we will chose Alty5 from the first5_dict.txt and random digits 9402847 to combine them into Alty59402847
hashcat -a 6 -m 0 hash.txt first5_dict.txt rockyou-1-60.hcmask
This attack is especially effective against users who love using the same base words or digits for their passwords but append or prepend "randomness" to the passwords based on the account. This password falls within a total of 30mins.
Straight Mask Attack 12 Chars +
I know this isn't a Hybrid attack but it's worth mentioning that 12 character mask attacks are still reasonable, especially if you formulate them using the PACK tool. A 1 day attack (86400 seconds) can be formulated using the speed of your rig against a certain hash type, which can be measured by performing a hashcat -b -m #type from the terminal. Let's quickly show how to follow these steps to create a mask attack for passwords from 12 - 15 characters in length using PACK. Let's again use the rockyou.txt dictionary as an example to generate these masks, but let's first estimate the speed of our cracking rig against md5 hashes.
hashcat -b -m 0
Now that we know our rigs cracking speed is 76 billion (76,000,000,000 c/s) let's create the new masks using PACK from the rockyou.txt dictionary.
python statsgen.py rockyou.txt -o rockyou.masks
We can now create our Hashcat hcmask file tailored to a 1 day (86400 seconds) cracking speed attack which covers character lengths of 12-15.
python maskgen.py rockyou.masks --optindex --minlength=12 --maxlength=15 --targettime=86400 --pps=76000000000 -o rockyou_12-15.hcmask
Now we can run a series of masks attacks using rockyou_12-15.hcmask against md5 hashes we know will complete within 1 days time. Pretty awesome right?!
hashcat -a 3 -m 0 hash.txt rockyou_12-15.hcmask
So as you can see 12 character passwords are not that inconceivable to crack. It just takes a little finessing and a little creativity to formulate the correct strategy. Also don't always assume that since your password is above 11 characters that the online service you trusted with this password is going to hash it properly, thanks $4.8billion company Yahoo. I hope I've demonstrated that you need unique words, digits and not just four random common words all lowercased, and if you need more convincing check out my friend Troy Hunt's write-up <HERE>. If you are really smart you will begin using a password manager like Keepass or the One-Time Grid: Random Password Book for random password generation, creation, and storage. You can follow me on Twitter @netmux, and lastly for a good pocket reference guide on cracking tool usage and syntax check out Hash Crack.
We just sent you an email. Please click the link in the email to confirm your subscription!