Light

praetorian-inc / hob0rules Goto Github PK

Password cracking rules for Hashcat based on statistics and industry patterns

hob0rules's Introduction

Hob0Rules

Password cracking rules for Hashcat based on statistics and industry patterns. The following blog posts on passwords explain the statistical signifigance of these rulesets:

Statistics Will Crack Your Password

Praetorian Password Cracking Rules Released

Useful wordlists to utilize with these rules have been included in the wordlists directory

Uncompress these with the unfollowing command

gunzip rockyou.txt.gz

##hob064 This ruleset contains 64 of the most frequent password patterns used to crack passwords. Need a hash cracked quickly to move on to more testing? Use this list.

hashcat -a 0 -m 1000 <NTLMHASHES> wordlists/rockyou.txt -r hob064.rule -o cracked.txt

##d3adhob0 This ruleset is much more extensive and utilizes many common password structure ideas seen across every industry. Looking to spend several hours to crack many more hashes? Use this list.

hashcat -a 0 -m 1000 <NTLMHASHES> wordlists/english.txt -r d3adhob0.rule -o cracked.txt

hob0rules's People

Contributors

Stargazers

Watchers

Forkers

bahtiyarb-torba marpie amanaksu lucabongiorni security-geeks ralijah drsect0r wflk andersondadario lu-chi tunelko chankl thisiseast bupt007 itsns hoangcuongflp dotnetgeorge c0dedeaf hxp2k6 lockfale mmalchuk mcaps theralfbrown amlweems sousandrei thezakman samyoyo dutchcoin securitywarrior blindfuzzy cyber-forensic hmsh00d nsk caoimhinp gitcollect avineshwar n0tty ducnp freeroute h5b solertis olivierh59500 hpxpat quikilr sirusdv secsecsec sigtran pyq881120 kxyne minkione toecuta ggoboogy pentest30 adolfaka deje212 maelstrompli bakedmuffinman n1tr0 fanntom detrojones h0r57 defensivethinking mgcfish johnjohnsp1 z3v2cicidi ca1e jeromeli lw1988 binjjam benfang2002 awesome-security ringwraith kernux foggyflag thurday kutim kidbomb wps888 morgothan mkvtvseries m4dnut snowdomain r0ug3 cyberspacekittens vefayss mzpqnxow jdawg82 ajm41 travismullen gavz jbarcia sontrang2003 mactwist1 11moon11 lapindeter flowater tannerjh5 keatk delefrati blackap3rture

hob0rules's Issues

Wierd link, XML and other stuff in rockyou.txt

Hey there!

Searching through the rockyou.txt i have stumbled across a lot of weird stuff.

cat rockyou.txt | grep -i http
... <object width="425" height="355"><param name="movie" value="http://www.youtube.com/v/ytfimr8ogDY&rel=1"></param><param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/ytfimr8ogDY&rel=1" type="application/x-shockwave-flash" wm <object width="425" height="355"><param name="movie" value="http://www.youtube.com/v/s9cKnFRJHAo&rel=1&border=0"></param><param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/s9cKnFRJHAo&rel=1&border=0" type="application/x-s <object width="425" height="355"><param name="movie" value="http://www.youtube.com/v/5ep1AdKU9fU&rel=1"></param><param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/5ep1AdKU9fU&rel=1" type="application/x-shockwave-flash" wm <object width="425" height="355"><param name="movie" value="http://www.youtube.com/v/1m-Se_oeyLw"></param><param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/1m-Se_oeyLw" type="application/x-shockwave-flash" wmode="transpa <object width="425" height="355"><param name="movie" value="http://www.pixverse.com/api/pixwall?id=paVh85isGSau-YaVGV6VvkQ-room"></param><param name="wmode" value="transparent"></param><embed src="http://www.pixverse.com/api/pixwall?id=paVh85isGSau-YaVGV6 <object width="425" height="350"><param name="movie" value="http://www.youtube.com/v/gWr9_SrG2YY"></param><param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/gWr9_SrG2YY" type="application/x-shockwave-flash" wmode="transpa <object width="425" height="350"><param name="movie" value="http://www.youtube.com/v/a54istXl8qU"></param><param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/a54istXl8qU" type="application/x-shockwave-flash" wmode="transpa <object width="425" height="350"><param name="movie" value="http://www.youtube.com/v/PeLZEI7YYls"></param><param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/PeLZEI7YYls" type="application/x-shockwave-flash" wmode="transpa <object width="425" height="344"><param name="movie" value="http://www.youtube.com/v/5F4f5Wv_rpw&hl=en&fs=1"></param><param name="allowFullScreen" value="true"></param><embed src="http://www.youtube.com/v/5F4f5Wv_rpw&hl=en&fs=1" type="application/x-shockw <object width="425" height="344"><param name="movie" value="http://www.youtube.com/v/-t2-Re4IYqQ&hl=es&fs=1"></param><param name="allowFullScreen" value="true"></param><embed src="http://www.youtube.com/v/-t2-Re4IYqQ&hl=es&fs=1" type="application/x-shockw <object width="300" height="80"><param name="movie" value="http://media.imeem.com/m/sEnPQEGZe5"></param><param name="wmode" value="transparent"></param><embed src="http://media.imeem.com/m/sEnPQEGZe5" type="application/x-shockwave-flash" width="300" heigh <object width="300" height="110"><param name="movie" value="http://media.imeem.com/m/5Sko-vDT_u"></param><param name="wmode" value="transparent"></param><embed src="http://media.imeem.com/m/5Sko-vDT_u" type="application/x-shockwave-flash" width="300" heig <object classid=\\ <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0" width="292" height="290" id="music_05" align="middle"><param name="allowScriptAccess" value="alwa <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,0,0" width="283" height="144" id="tt" align="middle"><param name="allowScriptAccess" value="always" /> <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,0,0" width="212" height="121" id="tt" align="middle"><param name="allowScriptAccess" value="always" /> ...

I don't think these are intended passwords.

I know that this repository was not updated in a long time, but I think this "pollution" of the rockyou.txt affects a lot of people due to ...

this was the second result of my google search for rockyou
this repo has a lot of fork and stars

Due to finding these entries in other wordlists I am pretty sure that you didn't add these entries to the password list.

My questions for you:

Do you recall where you got the rockyou.txt from?
Are you interested in having a "cleaner" list and merging it, so I know if it is worth the effort?

Kali

The Kali OS has a preinstalled rockyou.txt.gz. This wordlist has the same findings which means due to the age of the list and that the polluted list is preinstalled, it can be assumed that a lot of kali users use this polluted list.
I don't know from where kali pulls its wordlists but it is interesting that the native kali list is also polluted.

Findings

youtube videos
amazonaws
embedings for apps.rockyou.com
Plain HTML (DOCTYPE, div, tables, ...)

Fix PI decimal

Of course, there is a lot of people using PI as a password but the number is wrong.
There is 3.1416 instead of 3.1415
Please fix this.

gz files can't unpack with native gunzip

this is what I've got on Ubuntu 22:

> gunzip english.txt.g
gzip: english.txt.gz: not in gzip format

Also WinRAR decrunch this with no problem and system explorer says it is Gunzip file. What a mess?

License

Hello!

I'd like to add your code as a package into ArchStrike, however you don't seem to have a license file.

Is it possible for you to create a license?

Thanks

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.