Password Cracking - Patterns
When cracking passwords, always look for patterns in the cracked passwords. Humans are creatures of habit and the familiar, so there are almost always patterns. Once you have the pattern, then you can create custom wordlists using those patterns. For instance, working through a combined public password dump of passwords that other hackers hadn’t been able to crack yet, I found character codes in the dump. Instead of using the ampersand, apostrophe, quotation marks, less than, or greater than signs when the database stored the hashes, it turned them into HTML (or XML) character codes and then hashed them. So, instead of storing an “&” in the password database, an “&” was stored. Or, the decimal ASCII code was used, “#038”.
Thus, the password “behappy&” became “behappy&”. It was then converted into a hash and stored. When cracking these passwords, you have to...