• Stars
    star
    313
  • Rank 133,714 (Top 3 %)
  • Language
    C
  • Created over 7 years ago
  • Updated over 5 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

OMEN: Ordered Markov ENumerator - Password Guesser

OMEN: Ordered Markov ENumerator

OMEN is a Markov model-based password guesser written in C. It generates password candidates according to their occurrence probabilities, i.e., it outputs most likely passwords first. OMEN significantly improves guessing speed over existing proposals. If you are interested in the details on how OMEN improves on existing Markov model-based password guessing approaches, please refer to OMEN: Faster Password Guessing Using an Ordered Markov Enumerator.

User Guide

OMEN consists of two separate program modules: createNG and enumNG. createNG calculates n-gram probabilities based on a given list of passwords and stores them on the hard disk. Based on these probabilities enumNG enumerates new passwords in the correct order (descending).

Installation

Use a recent Linux version make sure you have installed git (Git version control system), gcc (GNU Compiler Collection), and make (GNU Make). You can install it under Ubuntu Linux via:

$ sudo apt-get install build-essential git

Check out the source code via:

$ git clone https://github.com/RUB-SysSec/OMEN.git OMEN

Change into the newly created directory OMEN and run:

$ make

If compilation is successful, you can find createNG and enumNG within the current directory.

.
β”œβ”€β”€ alphabetCreator
β”œβ”€β”€ createNG
β”œβ”€β”€ docs
β”‚Β Β  β”œβ”€β”€ CHANGELOG.md
β”‚Β Β  β”œβ”€β”€ LICENSE
β”‚Β Β  └── screenshots
β”œβ”€β”€ enumNG
β”œβ”€β”€ evalPW
β”œβ”€β”€ makefile
β”œβ”€β”€ README.md
└── src
    β”œβ”€β”€ alphabetCreator.c
    ...

If you like, you can now remove the src folder and the makefile file, they are no longer used.

Windows User?

A short installation guide using Cygwin on Windows 10 can be found here.

Basic Usage

Before one can generate any passwords, the n-gram probabilities have to be estimated using createNG. To calculate the probabilities using the default settings, createNG must be called giving a path to a password list that should be trained:

$ ./createNG --iPwdList password-training-list.txt

Each password of the given list must be in a new line. The module then reads and evaluates the list generating a couple of files. Besides a config file (createConfig) storing the used settings (in this case the default setting), several files are created containing information about the grams and the password length. These files have the extension '.level':

  • IP.level (Initial Probability): Stores the probabilities of the first (n-1)-gram of each password.
  • CP.level (Conditional Probability): Stores the probabilities of the actual n-grams.
  • EP.level (End Probability): Stores the probabilities of the last (n-1)-gram of each password.
  • LN.level (Length): Stores the probabilities for the password length.

The probabilities of each n-gram and the lengths are mapped to levels between 0 (most likely) and 10 (least likely). Once those files are created, enumNG can be used to generate a list of passwords ordered by probabilities. Currently, enumNG supports three modes of operation: file, stdout, simulated plaintext attack. In the default mode of enumNG, a list of password guesses based on these levels is created. Using the command

$ ./enumNG

generates 1 billion passwords and stores them in a text file, which can be found in the 'results' folder. The passwords in this file are ordered by level (i.e., by probability). Since common text editors are not able to handle such huge files, it is recommended for testing to reduce the number of passwords created. This can be done using the argument -m.

$ ./enumNG -m 10000

It will create an ordered list with 10,000 passwords only. If you are interested in printing the passwords to the standard output (stdout) stream use the argument -p.

$ ./enumNG -p -m 10000

If you are interested in evaluating the guessing performance against a plaintext password test set use the argument -s. Please note: In this mode OMEN benefits from the adaptive length scheduling algorithm incorporating live feedback, which is not available (due to the missing feedback channel) in file and stdout mode.

$ ./enumNG -s=password-testing-list.txt -m 10000

The result of this evaluation can be found in the 'results' folder.

Both modules provide a help dialog which can be shown using the -h or --help argument.

Password Cracking

How to get from $2a$10$HNYF4KajSTqxIP/KoiB5tOCVeKUgvscTh32hhAmppFk4T/USmI2B. to "GoodOMEN!123"?

Ethics

OMEN was developed for academic use cases like improving probabilistic password modeling, estimating guess numbers or password strength, in general, to improve password security. Do not abuse this software to harm other people's privacy or to break the law.

Preimage Attacks

Popular hash evaluators like Hashcat and John the Ripper support hundreds of hash and cipher formats and could be easily integrated due to their support to read password candidates via their standard input (stdin) stream.

$ ./enumNG -p -m 10000 | ./hashcat64.bin ...

or

$ ./enumNG -p -m 10000 | ./john --stdin ...

For optimal guessing performance, consider to train createNG with a password distribution that is similar to the one you like to crack.

Please note: Using probabilistic password modeling to crack passwords, in general, should only be considered against slow hashes (e.g., bcrypt, PBKDF2, scrypt, or Argon2) were the number of feasible guesses is limited or in very targeted attacks. In contrast, for very fast hashes (MD5, SHA-1, or NTLM), using good dictionaries and mangling rules (e.g., best64.rule) are the way to go.

If you are interested in this topic, consider to read the following papers and their related work (this list is incomplete, you can help by expanding it):

Probabilistic Context-Free Grammars

  • Password Cracking Using Probabilistic Context-Free Grammars (SP '09)
  • Guess Again (and Again and Again): Measuring Password Strength by Simulating Password-Cracking Algorithms (SP '12)
  • On the Semantic Patterns of Passwords and their Security Impact (NDSS '14)
  • Next Gen PCFG Password Cracking (TIFS '15)
  • ...
  • Software A, Software B

Markov Models

  • Fast Dictionary Attacks on Passwords Using Time-Space Tradeoff (CCS '05)
  • OMEN+: When Privacy meets Security: Leveraging personal information for password cracking (CoRR '13)
  • A Study of Probabilistic Password Models (SP '14)
  • OMEN: Faster Password Guessing Using an Ordered Markov Enumerator (ESSoS '15)
  • ...
  • Software A, Software B

Neural Networks

  • Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks (USENIX '16)
  • Using Neural Networks for Password Cracking (Blog post by Sebastian Neef '16)
  • Design and Evaluation of a Data-Driven Password Meter (CHI '17)
  • ...
  • Software A, Software B

Hybrids

  • John the Ripper 'Incremental' Mode
  • Introducing the PRINCE Attack-Mode (PASSWORDS '14)
  • ...
  • Software A, Software B

Approach Comparison

  • Measuring Real-World Accuracies and Biases in Modeling Password Guessability (USENIX '15)
  • A Framework for Comparing Password Guessing Strategies (PASSWORDS '15)
  • PARS: A Uniform and Open-source Password Analysis and Research System (ACSAC '15)
  • ...
  • Software A, Software B

Advanced Usage

Both modules provide several command line arguments to select the various modes available and change the default settings. For instance, the probability distribution created during the createNG process may be manipulated by choosing one of the supported smoothing functions, the n-gram size, or the used alphabet. All available parameters for createNG, a short description, and the default values can be seen by calling the program with -h or --help. The same works for enumNG where for instance, the enumeration mode, the used length scheduling algorithm (only used in -s mode, see 'Basic Usage' section), and the maximum amount of attempts can be selected. If no enumeration mode is given, the default mode is executed, storing all created passwords in a text file in the 'results' folder.

OMEN+

OMEN+ is based on When Privacy Meets Security: Leveraging Personal Information for Password Cracking and is an additional feature of OMEN (implemented in the same binary). Using additional personal information about a user (e.g., a password hint or personal background information scraped from a social network) may help in speeding up the password guessing process (comparable to John the Ripper 'Single crack' mode).

Therefore, a related hint or several hints (tabulator separated) must be provided in a separate file. Furthermore, an alpha file is required containing the respective alpha values (tab separated in one line). Alpha values are used to weight the impact of the provided hints. Important is that for each hint in a line an alpha has to be specified in the alpha file. These alphas have to be in the same order as the hints per line.

Exemplary, we want to guess the password "Mary'sPW2305". The corresponding line in the hint file containing first name, username, date of birth, and email address looks like the following:

mary   mary1   19880523    [email protected]

An alpha file should order the related alpha values for first name, username, date of birth, and email address in the same order as in the hint file. In example:

1   2   1   2

For the usage of OMEN+ enumNG must be called giving a path to a hint and an alpha file:

$ ./enumNG -H hint-file.txt -a alpha-file.txt

Performance

OMEN

Smoothing Configuration

The smoothing function is selected and configured using a configuration file (createConfig). The file must contain the name of the smoothing function and may contain the values for any variable parameters. The file should be formatted like this:

<name>
-<parameter>_<target> <value>
...

At this time, the only supported smoothing functions are none or additive smoothing.

The allowed parameters (<parameter>) are:

  • levelAdjust (level adjustment factor, heavily influence performance, i.e., good are 100-250)
  • delta (additive smoothing adds a value Ξ΄ (delta) to each n-gram, i.e., 0,1,2, ...)

The allowed targets (<target>) are:

  • IP (Initial Probability)
  • CP (Conditional Probability)
  • EP (End Probability)
  • all (Parameter is used for all possible targets)

Notice, one value for a single target overwrites the one set for all.

An exemplary for the add1(250) (Additive Smoothing (Ξ΄=1), Level Adjustment Factor of 250) smoothing setting:

additive
-delta_all 1
-delta_LN 0
-levelAdjust_all 250
-levelAdjust_CP 2
-levelAdjust_LN 1

Additional Program Modules

Besides the two main modules createNG and enumNG, OMEN provides two other program modules: evalPW and alphabetCreator. evalPW evaluates a given password and alphabetCreator creates an alphabet with the most frequent character in a given password list. Both modules should be considered experimental.

evalPW

It reads a given password and evaluates its strength by returning a password-level. The result is based on the levels generated by createNG. The password-level is the sum of each occurring n-gram level, based on the level lists IP, CP, and EP. The current implementation of evalPW is only a prototype and does not support the whole possible functionality and contains lots of bugs. For example, the actual password length does not influence the password-level. Therefore, only passwords with the same length can be compared to each other.

$ ./evalPW --pw=demo123

alphabetCreator

If you want to limit OMEN to passwords complying to a given alphabet you can specify this in the configuration file (createConfig). To determine the most promising alphabet, the alphabetCreator might be able to help you. The program module creates a new alphabet based on a given password list. The characters of the new alphabet are ordered by their frequency in the password list, beginning with the highest frequency. The length of the alphabet is variable. The created alphabet is based on the 8-bit ASCII table according to ISO 8859-1 (not allowing ’\n’, ’\r’, ’\t’, and ’ ’ (space)). Characters that are not part of this table are ignored. Also, an existing alphabet may be extended with the most frequent characters.

# Based on the frequency statistics of the training file (password-training-list.txt), we generate the new alphabet (new-alphabet-file.alphabet)
$ ./alphabetCreator --pwList password-training-list.txt --size 95 --output new-alphabet-file

# Optional: Verification
$ cat new-alphabet-file.alphabet
ae1ionrls20tm39c8dy54hu6b7kgpjvfwzAxEIOLRNSTMqCDB.YH!U_PKGJ-*VF@WZ#/X$,&+Q?\)=(';%<]~[:^`">{}|

# Now you can train OMEN using the newly generated alphabet
$ ./createNG --iPwdList password-training-list.txt -A new-alphabet-file.alphabet -v

# Optional: Verification
$ ./enumNG -p -m 1000 > top1k.txt
$ grep password top1k.txt
password

FAQ

  • Very poor performance and strange looking passwords? Make sure you generated the alphabet file with the alphabetCreator. Manually generating the alphabet is not supported (see Issue#4).

License

The Ordered Markov ENumerator (OMEN) is licensed under the MIT license. Refer to docs/LICENSE for more information.

Third-Party Libraries

  • getopt is part of the GNU C Library (glibc) and used to parse command line arguments. The developer, the license, and the source code can be downloaded here.
  • uthash is a hash table for C structures developed by Troy D. Hanson. The source code and the license can be downloaded here.

Contact

Visit our website and follow us on Twitter. If you are interested in passwords, consider to contribute and to attend the International Conference on Passwords (PASSWORDS).

More Repositories

1

DroneSecurity

DroneSecurity (NDSS 2023)
Python
945
star
2

kAFL

Code for the USENIX 2017 paper: kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels
Python
550
star
3

redqueen

Python
339
star
4

Microcode

Microcode Updates for the USENIX 2017 paper: Reverse Engineering x86 Processor Microcode
Python
297
star
5

syntia

Program synthesis based deobfuscation framework for the USENIX 2017 paper "Syntia: Synthesizing the Semantics of Obfuscated Code"
Python
296
star
6

mobile_sentinel

Python
187
star
7

nyx-net

Python
176
star
8

Nyx

USENIX 2021 - Nyx: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types
C
169
star
9

ijon

C
164
star
10

GANDCTAnalysis

Code for the ICML 2020 paper: Leveraging Frequency Analysis for Deep Fake Image Recognition.
Python
161
star
11

nautilus

a grammar based feedback fuzzer
Rust
158
star
12

aurora

Usenix Security 2021 - AURORA: Statistical Crash Analysis for Automated Root Cause Explanation
Rust
146
star
13

grimoire

Python
125
star
14

loki

Hardening code obfuscation against automated attacks
Python
125
star
15

Password-Guessing-Framework

A Framework for Comparing Password Guessing Strategies
Python
120
star
16

Marx

Uncovering Class Hierarchies in C++ Programs
C++
114
star
17

antifuzz

AntiFuzz: Impeding Fuzzing Audits of Binary Executables
C
101
star
18

EthBMC

The code repository for the 2020 Usenix Security paper "EthBMC: A Bounded Model Checker for Smart Contracts"
Rust
91
star
19

WaveFake

Python
71
star
20

SiemensS7-Bootloader

Client utility for Siemens S7 bootloader special access feature
Python
55
star
21

NEMO

Modeling Password Guessability Using Markov Models
Python
54
star
22

gadget_synthesis

Esorics 2021 - Towards Automating Code-Reuse Attacks Using Synthesized Gadget Chains
Python
54
star
23

EvilCoder

Code for the paper EvilCoder: Automated Bug Insertion at ACSAC 2016
Java
42
star
24

JIT-Picker

Swift
34
star
25

cupid

Cupid: Automatic Fuzzer Selection for Collaborative Fuzzing
C
29
star
26

Probfuscator

An Obfuscation Approach using Probabilistic Control Flows
C#
28
star
27

Hypercube

NDSS 2020 - HYPER-CUBE: High-Dimensional Hypervisor Fuzzing
C
24
star
28

ijon-data

14
star
29

PrimGen

ACSAC 2018 paper: Towards Automated Generation of Exploitation Primitives for Web Browsers
HTML
13
star
30

adversarial-papers

TeX
12
star
31

DroneSecurity-Fuzzer

DroneSecurity Fuzzer (NDSS 2023)
11
star
32

dompteur

C++
10
star
33

we-value-your-privacy

Results and data from the paper "We Value Your Privacy ... Now Take Some Cookies: Measuring the GDPR’s Impact on Web Privacy"
9
star
34

VPS

VTable Pointer Separation
C++
7
star
35

APC

Android (Unlock) Pattern Classifier
Kotlin
6
star
36

WindowsVTV

MinGW for 32bit with Vtable pointer verification (VTV)
C++
6
star
37

nyx-net-profuzzbench

Shell
6
star
38

PriDi

Python
5
star
39

xTag-mtalloc

C
5
star
40

SUCI-artifacts

some PCAPs and logs
5
star
41

ASSS

Application-Specific Software Stacks
4
star
42

xTag

4
star
43

MiddleboxProtocolStudy

Auxiliary material for NDSS'20 paper: On Using Application-Layer Middlebox Protocols for Peeking Behind NAT Gateways
Python
4
star
44

Password-Strength-Meter-Accuracy

Measuring the Accuracy of Password Strength Meters
Python
3
star
45

uninformed-consent

Repo for material related to the CCS 2019 paper, "(Un)informed Consent: Studying GDPR Consent Notices in the Field"
3
star
46

be-the-phisher

Code related to the study presented in "Be the Phisher - Understanding Users’ Perception of Malicious Domains" @ AsiaCCS 2020
Jupyter Notebook
2
star
47

symtegrity

Code for the DIMVA 2018 paper "On the Weaknesses of Function Table Randomization"
2
star
48

MastersOfTime

2
star
49

libXSGS

Implementation of DelerablΓ©e and Pointcheval's eXtremely Short Group Signatures (XSGS)
Shell
2
star
50

xTag-llvm

C++
1
star
51

MachineCodeTimings

JavaScript
1
star
52

tropyhunter

TODO
Python
1
star
53

GDPR-fines

Supplemental Material for the PETS 2022 Paper "Investigating GDPR Fines in the Light of Data Flows"
Jupyter Notebook
1
star
54

GeneratedMediaSurvey

Jupyter Notebook
1
star