Creating honeywords around a word

[CiaoAnkit]

I was trying to create all possible password around a given word using pcfg_honeywords_v2.py (under archived work).

I get the following errors: python3 pcfg_honewords_v2.py --rule TRAINING_ON_ROCKYOU --output GENERATED.txt --num 10000000000 --dname1 ./temp_file.txt Traceback (most recent call last): File "pcfg_honewords_v2.py", line 643, in <module> main() File "pcfg_honewords_v2.py", line 631, in main honeyWords, File "pcfg_honewords_v2.py", line 574, in createHoney newHoneyWord += terminal UnboundLocalError: local variable 'terminal' referenced before assignment and

python2 pcfg_honewords_v2.py --rule TRAINING_ON_ROCKYOU --output GENERATED.txt --num 10000000000 --dname1 ./temp_file.txt Traceback (most recent call last): File "pcfg_honewords_v2.py", line 643, in <module> main() File "pcfg_honewords_v2.py", line 631, in main honeyWords, File "pcfg_honewords_v2.py", line 454, in createHoney for x in range(int(numHoneyWords[0])): MemoryError

Any clue/suggestion on that?

[lakiw]

I'd recommend using honeyword_gen.py instead. You can read how to do that here:

https://github.com/lakiw/pcfg_cracker/wiki/Honeywords

You can find honeyword_gen.py under the python_pcfg_cracker directory. I'll admit that I haven't looked at the pcfg_honewords_v2.py code in many years, and I don't intend to maintain it. One way to tell that is I never even bothered to update a typo in the program's name ;p

I'll leave this issue open for a couple of days in case you still have any questions, but if not, I'll close it. Good luck!

[CiaoAnkit]

Thanks for the quick response. My idea was to generate all possible combination around a given "possible-password" using the knowledge obtained by PCFG. I believe it is not possible yet. I'll appreciate if you can suggest a lead on that. Tx.

[lakiw]

Automating that capability is on my todo list. Right now, the only way to do that is to manually modify a trained ruleset to give higher probabilities to features you'd like to see. For example, you can modify the base structures in Rules/Default/Grammar/Grammar.txt to have a structure that you'd like to see repeated. Then generate passwords using that modified ruleset and pcfg_manager.py.

You might actually be better off using a tool like John the Ripper or Hashcat along with a custom input dictionary and ruleset to acomplish what you'd like to do. It all depends on how much fuzziness you want with your generated guesses compared to the original password you are basing your guesses off of.

[lakiw]

To clarify the above, you would train the PCFG on a larger set of passwords, or use the default ruleset. You would then manually modify the values inside the ruleset using a text editor to prioritize the features you would like to see it create guesses around. Then generate guesses using pcfg_manager. I normally do this to assign a very high probability around certain words/digits/structures while still occasionally creating guesses that don't include them. You can also do things like remove all base structure values that don't meet certain password creation requirements. So long story short, you can sort of hack something together now to do what you want, but you may have better results using a traditional dictionary based attack using JtR or Hashcat

[CiaoAnkit]

Thanks a lot for the suggestion. It works now. :)

[CiaoAnkit]

Hi, don't want to open a new issue. So, asking here.

Is it possible to generate more Grammer rules by varying some variable? With 80% RockYou set, it generates 16873 rules in the "Grammar.txt" file. I used smoothing factor = {0.1, 0.01}. Probably I missed something, but I just want to be sure that there is no other way to generate more Grammer rules on a given set of passwords.

[lakiw]

Short answer is no. The smoothing option affects the probabilities assigned to the rules, but it doesn't create new rules. For that I've been falling back on using Markov/OMEN based attacks vs trying to generate new base structures that were not seen during training.

If I may ask, is your goal to take a base word and apply all sorts of mangling to it, (aka create more digit/special character mangling, etc), or are you trying to do something else? I'm curious since I'm slowly getting closer to a new release so if there are features people would like or I could better support I'm interested so I can at least put them on my development roadmap.

[CiaoAnkit]

Thanks for the quick response.

Yes, you are right. My goal was to take a base word and apply all sorts of mangling to it to generate all possible combinations on a given base word. Anyways, I'm satisfied with the results PCFG gives now. I just wanted to make sure that there wasn't any possibility to go beyond what I currently have. Thanks again for the support.