Fitcrack supports following attack types:
- Dictionary attack
- Combination attack
- Brute-force attack
- Hybrid attack: wordlist + mask
- Hybrid attack: mask + wordlist
Each type is described below.
With dictionary attack, Fitcrack will try every possible password from given password dictionaries. When you add a new job, select dictionary attack as shown in the picture below. Then you can select (1.) one or more dictionaries you want to use. For each dictionary available, you can see the keyspace signifying the number of passwords which will be used. If you choose multiple dictionaries, the total keyspace of the job is a sum of keyspaces of all selected dictionaries.
It is also possible to select (2.) a file with password-mangling rules. The rules enhance the repertoire of passwords, however, increase the total keyspace of the job. This is because Fitcrack applies every rule from the rule file to each dictionary password. The total keyspace is calculated as the sum of dictionary keyspaces multiplies by the number of rules in the rule file.
The combination attack is based on combining passwords from two dictionaries: left (1.) and right (2.) dictionary. Each password from the left dictionary is concatenated with each from the right dictionary. Such newly created passwords are then used for cracking.
It is also possible to define (3. and 4.) up to two password-mangling rules. The left (right) rule will be applied on every password from the left (right) dictionary before the concatenation mentioned above. Unlike in dictionary attack, the use of rules in combination attack does not increase the password keyspace.
The brute-force attack allows the user to define one or more password masks which define how a password may look like. Fitcrack then tries every possible permutation of characters upon each mask.
A mask is simply a template defining allowed characters on each position. On each position, it may contain either a concrete character, or a substitute symbol for a group of characters – e.g. ?l for lowercase letter, or ?d for digit.
For example, mask
He?l?lo?d stands for all passwords between
In masks, following basic substitute symbols are allowed:
- ?l or a-z – lowercase Latin letters:
- ?u or A-Z – uppercase Latin letters:
- ?d or 0-9 – digits:
- ?s or special – special ASCII characters including spaces, punctuation, etc.:
- ?h or 0-f – characters representing hexadecimal digits with small letters:
- ?H or 0-F – characters representing hexadecimal digits with big letters:
- ?a or a-z,A-Z,0-9,special – any character from ?l, ?u, ?d, ?s
- ?b or ASCII – all ASCII characters starting from 0x00 (0) to 0xFF (255)
You can create a mask by using a mask editor shown in the figure below. For crafting masks, you can either use the buttons (1.) for typing substitute symbols, or you can enter the mask by yourself (2.) as text. You can also use multiple masks – if you want to add a new mask, click on the + button (3.).
It is also possible to load In Fitcrack, you do not have to enter masks manually every time you create a new job. You can have the masks stored in a mask set (.hcmask) file. By clicking on button, you can choose a mask file, and the masks will be imported automatically.
Custom character sets
The basic set of substitute symbols can be enhanced by using custom character sets. In 4., you can select up to four .hcchr files with custom character sets. After adding new charset, new buttons (1.) will appear in the mask editor and you will be able to use one or more of the following extra substitute symbols:
- ?1 – custom character set no. 1
- ?2 – custom character set no. 2
- ?3 – custom character set no. 3
- ?4 – custom character set no. 4
For generating passwords, the brute-force attack does not employ the traditional lexicographical order of characters (meaning b will be after a, etc.), but uses Markov chains instead. The order of generating password candidates is defined by a probability matrix(es) in a Markov statistics file (with .hcstat2 extension). For each brute-force attack, Fitcrack allows you to select (5.) the file with Markov statistics which will be used.
Hybrid attacks combine the dictionary and brute-force approaches. The password candidates are crafted from two parts: One part is taken from a dictionary like in Combination attack. The other part is generated from mask using the brute-force technique. Depending of which types is made from dictionary and which from mask, we can distinguish between two types of hybrid attacks:
- Hybrid wordlist+mask – the left part is taken from dictionary, the right part from mask
- Hybrid mask+wordlist – the left part is generated from mask, the right part is taken from dictionary.
The figure below shows an example of wordlist+mask hybrid attack. You have to select one or more dictionaries for the left part of the password (1.), and one or more masks for the right part (2.). Like within the combination attack, you can define password-mangling rules for left and right parts.