Follow the white rabbit down the rabbit hole

Presented at BSidesLV 2023, Aug. 8, 2023, 6 p.m. (45 minutes)

Password cracking is all about patterns, behavior, understanding, and adapting. New technologies and password policies may mandate specific password generation patterns, but they also drive a "culture" of wider adoption of phrases, l33t5p34k, and pseudo randomness. When one runs out of techniques and exhausts all the wordlists, rulesets and masks but still only reaches the 98%-mark, new techniques become essential to improvise for handling the remaining 2% of the hashes. The elusive 2% are those which benefit from the new techniques which will be discussed in this talk. Complex and multidisciplinary techniques usually drive cracking sessions down rabbit holes. With the only feedback being a single successfully cracked complex password, it is impossible to use these techniques for cracking 'mainstream' passwords. And this is why mainstream tools and ethical hackers won't waste time testing or using these techniques. However, the few remaining uncracked passwords normally contain privileged and/or advanced user accounts. In this talk, I will therefore cover non-traditional password cracking techniques that (through trial and error and randomness) produced good results and yielded interesting passwords.

Presenters:

  • Yiannis
    Celebrating almost two decades of password cracking research and proud member of team Hashcat, Yiannis makes his own rules and wordlists and cracks complex passwords. He makes wordlists out of anything, including this bio. Although impractical, he doesn't care about the 98% of the passwords but is rather obsessed with the remaining 2% - leading to the rabbit.
