Re: policy-based password cracker

[Rembrandt <rembrandt () jpberlin de>]

On Thu, 1 Dec 2005 09:50:10 -0800 (PST)
Chris Costantino <clckct () yahoo com> wrote:

> Hi all,
>
> I am looking for a brute-force password cracker that
> can be configured based on password policies.  For
> example, I am trying to audit a system that I know the
> security policy on (min/max pw length, complexity
> rules, etc)  What I want is to only brute-force
> passwords that fit that policy.  Obviously, min and
> max is not the issue, but I can not seem to find
> anything that will only test passwords that meet
> complexity requirements (lowercase alpha, uppercase
> alpha, number).  Something that generates this into a
> rainbow table would be even better.....
>
> Anyone aware of such a tool?
>
> Thanks in advance,
> Chris

hydra from THC...
It even provides a tool called pw-inspector to modify your wordlists.
In the TODO is an entry that bf was added in the 5.x release (not
confirmed by me).

There Bugs in Hydra but it's working..

Kind regards,
Rembrandt-- 
God did a bless on me,
So accapt the dark side in you.
Hate leads me to victory, so give me a war.

Attachment: _bin
Description: