Full Disclosure mailing list archives

PACK 0.0.3 - Password Analysis and Cracking Kit


From: iphelix <iphelix () thesprawl org>
Date: Sun, 17 Feb 2013 20:56:51 -0800

Hello fulldisclosure,

I would like to share an update to a toolkit built to aid in password
cracking and analysis attacks.

PACK (Password Analysis and Cracking Toolkit) is a collection of utilities
for analysis of plaintext passwords to find common patterns such as word
mangling rules, password masks and source words. All of the tools
produce output for the Hashcat password cracker.

The latest update includes a rule generation engine (rulegen.py)
which uses a Reverse Levenshtein Paths algorithm to reverse word mangling
rules. For example, the analysis of the password "1P@SSW0D" would produce
the following rules and source words in the Hashcat format:

[+] Password => ^1 sa@ u sO0 D7 => 1P@SSW0D
[+] Password => ^1 sa@ u D6 sR0 => 1P@SSW0D

Using the above information you could attempt to recover passwords using
similar rules and/or source words.

Other tools in the kit can produce similar analysis of character-set masks
used to produce passwords. For example, "Password123" would produce a mask
?u?l?l?l?l?l?l?l?d?d?d that once more could be applied against still
uncovered hashes. At last, you can get general password statistics such
as length, character sets and other patterns.

PACK (Password Analysis and Cracking Kit) source and documentation:
http://thesprawl.org/projects/pack/

Automatic Password Rule Analysis and Generation research paper:
http://thesprawl.org/research/automatic-password-rule-analysis-generation/

Sincerely,
  -Peter
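
The mask and rule notation used in the message above, as an added example that is not part of the original post and is not PACK's own code: it derives Hashcat masks for a password list (useful for checking how predictable the passwords in an audit sample are) and replays the two quoted rules against the source word. The function names and the sample list are assumptions made for illustration; only the four rule functions that appear in the post (`^X`, `sXY`, `u`, `DN`) are handled.

```python
from collections import Counter
import string

def mask_of(password):
    """Map each character to its Hashcat built-in charset token."""
    out = []
    for ch in password:
        if ch in string.ascii_lowercase:
            out.append("?l")
        elif ch in string.ascii_uppercase:
            out.append("?u")
        elif ch in string.digits:
            out.append("?d")
        elif ch in string.punctuation or ch == " ":
            out.append("?s")
        else:
            out.append("?b")  # non-ASCII: one token per character, an approximation
    return "".join(out)

def apply_rule(word, rule):
    """Apply a space-separated Hashcat rule (only ^X, sXY, u and DN)."""
    for fn in rule.split():
        op, args = fn[0], fn[1:]
        if op == "^" and len(args) == 1:      # prepend character X
            word = args + word
        elif op == "s" and len(args) == 2:    # replace every X with Y
            word = word.replace(args[0], args[1])
        elif op == "u" and not args:          # uppercase all letters
            word = word.upper()
        elif op == "D" and len(args) == 1:    # delete character at position N
            pos = int(args, 36)               # positions 0-9, then A-Z for 10-35
            word = word[:pos] + word[pos + 1:]
        else:
            raise ValueError(f"unsupported rule function: {fn!r}")
    return word

def mask_histogram(passwords):
    """Return (mask, count) pairs, most common first."""
    return Counter(mask_of(p) for p in passwords).most_common()

# Constructed sample list, not real data.
SAMPLE = ["Password123", "Jonathan456", "Summer2012", "letmein", "Dragon77!"]

if __name__ == "__main__":
    for rule in ("^1 sa@ u sO0 D7", "^1 sa@ u D6 sR0"):
        print(f"Password => {rule} => {apply_rule('Password', rule)}")
    for mask, count in mask_histogram(SAMPLE):
        print(f"{count:3d}  {mask}")
```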


