09-29-2020, 06:41 PM
(This post was last modified: 09-29-2020, 07:08 PM by AndrewOnDev.)
(09-29-2020, 05:20 PM)Peanutbutter1 Wrote: This is awesome. Is there any interest in a variation of this attack that, instead of using rules on each individual hash's associated hint, you can provide a short list of hints to try for that hash only? Like for password reuse wordlist attacks.
Example:
password1!:<bcrypt hash>
mypass,funnybunny,pass1:<another bcrypt hash>
That way, you can attack each hash with more than just one base word that is likely to crack it.
You can do it like this:
Code:
hash.txt:
hash1
hash1
hash1
wordlist.txt:
mypass
funnybunny
pass1Which I believe is better solution because this way some parsing issues are easily avoided (comma in the hint word etc.)
Although I agree that, probably JTR like format would be better.
Code:
pass1:hash1
pass2:hash1
pass3:hash1Regarding the new attack mode, it's truly amazing. Thank you very much for your hard work. I understand it's very early version but if I may suggest few things at this moment (if you're not looking for user suggestions yet then please just ignore it):
- I believe that JtR like format hint:hash would be great
- Making it work properly with potfile would also be huge improvement
- Enabling debug mode for this attack