PACK Package Description

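PACK was developed to aid in the "Crack Me If You Can" password cracking competition held at Defcon 2010. The goal of this toolkit is to help prepare for "better than brute force" password attacks by analyzing the common ways people create passwords. After the analysis stage, the statistical database can be used to generate attack masks for tools such as oclHashcat. Note: this tool cannot crack passwords itself; it helps other tools crack more passwords faster.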

Source: http://thesprawl.org/projects/pack/
PACK Homepage | Kali PACK Repo

  • Author: iphelix
  • License: GPLv3

Tools included in the pack package

dictstat - Generate dictionary file statistics
root@kali:~# dictstat -h
[?] Psyco is not available. Install Psyco on 32-bit systems for faster parsing.
Usage: dictstat [options] passwords.txt

Options:
  --version             show program's version number and exit
  -h, --help            show this help message and exit
  -l 8, --length=8      Password length filter.
  -c loweralpha, --charset=loweralpha
                        Password charset filter.
  -m stringdigit, --mask=stringdigit
                        Password mask filter
  -o masks.csv, --maskoutput=masks.csv
                        Save masks to a file

maskgen - Generate hashcat masks

root@kali:~# maskgen -h
Usage: maskgen [options] masksfile.csv

Options:
  --version             show program's version number and exit
  -h, --help            show this help message and exit
  --minlength=8         Minimum password length
  --maxlength=8         Maximum password length
  --mintime=MINTIME     Minimum time to crack
  --maxtime=MAXTIME     Maximum time to crack
  --complexity=COMPLEXITY
                        maximum password complexity
  --occurence=OCCURENCE
                        minimum times mask was used
  --checkmask=?u?l ?l ?l ?l ?l ?d
                        check mask coverage
  --showmasks           Show matching masks
  --pps=1000000000      Passwords per Second

policygen - Generate hashcat masks

root@kali:~# policygen -h
Usage: policygen [options]

Type --help for more options

Options:
  --version             show program's version number and exit
  -h, --help            show this help message and exit
  --length=8            Password length
  -o masks.txt, --output=masks.txt
                        Save masks to a file
  --pps=1000000000      Passwords per Second
  -v, --verbose

  Password Policy:
    Define the minimum (or maximum) password strength policy that you
    would like to test

    --mindigits=1       Minimum number of digits
    --minlower=1        Minimum number of lower-case characters
    --minupper=1        Minimum number of upper-case characters
    --minspecial=1      Minimum number of special characters
    --maxdigits=3       Maximum number of digits
    --maxlower=3        Maximum number of lower-case characters
    --maxupper=3        Maximum number of upper-case characters
    --maxspecial=3      Maximum number of special characters

dictstat Usage Example

Generate statistics for the passwords of length 10 (-l 10) contained in the RockYou wordlist (rockyou.txt):

root@kali:~# dictstat -l 10 rockyou.txt
[?] Psyco is not available. Install Psyco on 32-bit systems for faster parsing.
[*] Analyzing passwords: rockyou.txt
[+] Analyzing 14% (2013690/14344392) passwords
    NOTE: Statistics below is relative to the number of analyzed passwords, not total number of passwords

[*] Line Count Statistics...
[+]                        10: 100% (2013690)

[*] Mask statistics...
[+]               stringdigit: 37% (750966)
[+]                  alldigit: 23% (478224)
[+]                 allstring: 22% (452145)
[+]                 othermask: 04% (90240)
[+]               digitstring: 03% (78964)
[+]         stringdigitstring: 02% (59783)
[+]       stringspecialstring: 01% (33178)
[+]        stringspecialdigit: 01% (25295)
[+]             stringspecial: 01% (22176)
[+]          digitstringdigit: 00% (17290)
[+]      specialstringspecial: 00% (3459)
[+]             specialstring: 00% (1767)
[+]                allspecial: 00% (203)

[*] Charset statistics...
[+]             loweralphanum: 41% (836189)
[+]                   numeric: 23% (478224)
[+]                loweralpha: 20% (416961)
[+]      loweralphaspecialnum: 03% (66553)
[+]         loweralphaspecial: 02% (55720)
[+]             mixedalphanum: 02% (54199)
[+]             upperalphanum: 02% (47431)
[+]                upperalpha: 00% (19723)
[+]                mixedalpha: 00% (15461)
[+]      mixedalphaspecialnum: 00% (9014)
[+]         mixedalphaspecial: 00% (6856)
[+]      upperalphaspecialnum: 00% (3699)
[+]         upperalphaspecial: 00% (3457)
[+]                   special: 00% (203)

[*] Advanced Mask statistics...
[+]      ?d?d?d?d?d?d?d?d?d?d: 23% (478224)
[+]      ?l?l?l?l?l?l?l?l?l?l: 20% (416961)
[+]      ?l?l?l?l?l?l?l?l?d?d: 10% (213117)
[+]      ?l?l?l?l?l?l?d?d?d?d: 07% (160596)
[+]      ?l?l?l?l?l?l?l?l?l?d: 06% (129833)
[+]      ?l?l?l?l?l?l?l?d?d?d: 04% (87613)
[+]      ?l?l?l?l?d?d?d?d?d?d: 01% (33277)
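
How the "Mask statistics" and "Advanced Mask statistics" sections relate, as an added example (not dictstat's own code): each password is mapped to a per-character mask, and runs of the same class are collapsed into the category name. The collapsing rule, the "othermask" fallback and the sample passwords are assumptions; only the category names come from the output above.

```python
import string
from collections import Counter
from itertools import groupby

# Composite categories copied from the "Mask statistics" output above;
# any other run sequence is counted as "othermask" (assumed rule).
KNOWN = {"stringdigit", "digitstring", "stringdigitstring", "stringspecialstring",
         "stringspecialdigit", "stringspecial", "digitstringdigit",
         "specialstringspecial", "specialstring"}

def char_class(ch):
    """Map one character to its hashcat placeholder letter."""
    if ch in string.ascii_lowercase:
        return "l"
    if ch in string.ascii_uppercase:
        return "u"
    if ch in string.digits:
        return "d"
    return "s"  # everything else, including spaces and non-ASCII

def advanced_mask(password):
    """Per-character mask, e.g. 'abc12' -> '?l?l?l?d?d'."""
    return "".join("?" + char_class(ch) for ch in password)

def simple_mask(password):
    """Collapse runs of one class into a category such as 'stringdigit'."""
    names = {"l": "string", "u": "string", "d": "digit", "s": "special"}
    runs = [k for k, _ in groupby(names[char_class(ch)] for ch in password)]
    if len(runs) == 1:
        return "all" + runs[0]
    joined = "".join(runs)
    return joined if joined in KNOWN else "othermask"

def mask_stats(passwords, length):
    """Tally simple and advanced masks for passwords of exactly `length`."""
    selected = [p for p in passwords if len(p) == length]
    return (Counter(simple_mask(p) for p in selected),
            Counter(advanced_mask(p) for p in selected))

# Constructed sample, not taken from rockyou.txt.
SAMPLE = ["password12", "1234567890", "iloveyou12", "abcdefghij",
          "short1", "Summer2024", "hello@test", "a1b2c3d4e5"]

if __name__ == "__main__":
    simple, advanced = mask_stats(SAMPLE, 10)
    for name, count in simple.most_common():
        print(f"[+] {name:>22}: {count}")
    for mask, count in advanced.most_common():
        print(f"[+] {mask:>22}: {count}")
```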

policygen Usage Example

Generate Hashcat masks of length 8 (--length=8) containing at least 1 uppercase letter (--minupper 1) and at least 1 digit (--mindigit 1), saving the masks to a file (-o complexity.hcmask):

root@kali:~# policygen --length=8 --minupper 1 --mindigit 1 -o complexity.hcmask
[*] Password policy:
[+] Password length: 8
[+] Minimum strength: lower: 0, upper: 1, digits: 1, special: 0
[+] Maximum strength: lower: 8, upper: 8, digits: 8, special: 8
[*] Total Masks:  65536 Runtime: [76d|1834h|110078m|6604680s]
[*] Policy Masks: 52670 Runtime: [40d|977h|58659m|3519568s]
root@kali:~# head complexity.hcmask
?l?l?l?l?l?l?u?d
?l?l?l?l?l?l?d?u
?l?l?l?l?l?u?l?d
?l?l?l?l?l?u?u?d
?l?l?l?l?l?u?d?l
?l?l?l?l?l?u?d?u
?l?l?l?l?l?u?d?d
?l?l?l?l?l?u?d?s
?l?l?l?l?l?u?s?d
?l?l?l?l?l?d?l?u
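
The mask counts above can be reproduced by enumerating every ?l/?u/?d/?s combination and keeping those that satisfy the policy. This is an added example, not policygen's own code; the function names are hypothetical, and the l, u, d, s enumeration order is an assumption chosen because it matches the head output above. It is useful for checking how much of the length-8 keyspace a given complexity policy actually leaves.

```python
from itertools import product

# Sizes of hashcat's built-in charsets ?l, ?u, ?d and ?s.
CHARSET_SIZE = {"l": 26, "u": 26, "d": 10, "s": 33}

def policy_masks(length, minimum=None, maximum=None):
    """Yield every mask of `length` whose per-class counts fit the policy.

    `minimum` and `maximum` map a class letter (l, u, d, s) to a count;
    missing entries default to 0 and `length` respectively.
    """
    minimum = minimum or {}
    maximum = maximum or {}
    for combo in product("luds", repeat=length):
        if all(minimum.get(c, 0) <= combo.count(c) <= maximum.get(c, length)
               for c in "luds"):
            yield "".join("?" + c for c in combo)

def keyspace(mask):
    """Number of candidate passwords a single mask covers."""
    total = 1
    for c in mask[1::2]:  # every second character is the class letter
        total *= CHARSET_SIZE[c]
    return total

def policy_summary(length, minimum=None, maximum=None):
    """Return (policy mask count, total mask count, policy keyspace share)."""
    masks = list(policy_masks(length, minimum, maximum))
    covered = sum(keyspace(m) for m in masks)
    everything = sum(CHARSET_SIZE.values()) ** length
    return len(masks), len(CHARSET_SIZE) ** length, covered / everything

if __name__ == "__main__":
    # Same policy as the policygen run above: length 8, >=1 upper, >=1 digit.
    policy, total, share = policy_summary(8, minimum={"u": 1, "d": 1})
    print(f"Total Masks:  {total}")
    print(f"Policy Masks: {policy}")
    print(f"Share of the length-8 keyspace left by the policy: {share:.1%}")
```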