PolicyGen – A lot of the mask and dictionary attacks will fail in the corporate environment with minimum password complexity requirements. Instead of resorting to a pure bruteforcing attack, we can leverage known or guessed password complexity rules to avoid trying password candidates that are not compliant with the policy or inversely only audit for noncompliant passwords. Using PolicyGen, you will be able to generate a collection of masks following the password complexity in order to significantly reduce the cracking time.
--version show program's version number and exit -h, --help show this help message and exit -o masks.hcmask, --outputmasks=masks.hcmask Save masks to a file --pps=1000000000 Passwords per Second --showmasks Show matching masks --noncompliant Generate masks for noncompliant passwords -q, --quiet Don't show headers. Password Policy: Define the minimum (or maximum) password strength policy that you would like to test --minlength=8 Minimum password length --maxlength=8 Maximum password length --mindigit=1 Minimum number of digits --minlower=1 Minimum number of lower-case characters --minupper=1 Minimum number of upper-case characters --minspecial=1 Minimum number of special characters --maxdigit=3 Maximum number of digits --maxlower=3 Maximum number of lower-case characters --maxupper=3 Maximum number of upper-case characters --maxspecial=3 Maximum number of special characters
cyborg@cyborg:~$ sudo policygen --minlength 5 --minlength 7 --minlower 2 --minupper 1 -o complex.hcmask _ Policy Gen 0.0.2 | | _ __ __ _ ___| | _ | '_ \ / _` |/ __| |/ / | |_) | (_| | (__| < | .__/ \__,_|\___|_|\_\ | | |_| [email protected] [*] Saving generated masks to [complex.hcmask] [*] Using 1,000,000,000 keys/sec for calculations. [*] Password policy: Pass Lengths: min:7 max:8 Min strength: l:2 u:1 d:None s:None Max strength: l:None u:None d:None s:None [*] Generating [compliant] masks. [*] Generating 7 character password masks. [*] Generating 8 character password masks. [*] Total Masks: 81920 Time: 77 days, 14:13:58 [*] Policy Masks: 43681 Time: 48 days, 4:18:34