05-13-2021, 07:33 PM
Hi everyone sorry if this has been asked before. Chickenman showed a good way of cracking harder hashes by using reused passwords. Ive used the association attack on usernames and now I would like to try and find reused passwords from emails and match them with the new bcrypt hash.
Basically
- have email:hash
- match email with previously leaked password
- copy previous password to new list in password:hash
- then use the password and hash for -a 9 (associated attack)
I tried doing something in awk with the ExploitIN compilation leak but was getting lots of weird returns (99% of lines had no hash/password) and in the end only ended up with around 1000 valid lines (out of 5million)
Does anyone have any resources that might help me?
Thank you!!
Basically
- have email:hash
- match email with previously leaked password
- copy previous password to new list in password:hash
- then use the password and hash for -a 9 (associated attack)
I tried doing something in awk with the ExploitIN compilation leak but was getting lots of weird returns (99% of lines had no hash/password) and in the end only ended up with around 1000 valid lines (out of 5million)
Does anyone have any resources that might help me?
Thank you!!