12-07-2022, 12:45 AM
(This post was last modified: 12-07-2022, 12:52 AM by robinh007d.)
We have attempted to brute force the password for a blockchain wallet from 2013.
We have used blockchain2john.py to create a $blockchain$ hash.
We also do not know how much is in the wallet, it could be 0.
We are using the command: ./hashcat blockchain.hash -a3 -w4 -i
Our hashcat rig has got to 10 characters and now we realise this is indeed a very long time to complete :-)
We know the password is a mixture of lowercase/uppercase/numbers/symbols.
We think its a capital letter word followed by 2 numbers and a symbol but unsure on the symbol.
For example, there are no $ or [ in the password.
We have narrowed the symbol used down to some possibilities: !, ;, : and @
So now we are going to try a combination/mask attack.
Our questions at this time:
How can we produce a mask attack that excludes all symbols except a few?
How can we produce something that will suit our needs?
How do we know if our commands passed into hashcat are working?
What is an example command for hashcat for a blockchain wallet?
Can we find the address without cracking the password?
Thanks
We have used blockchain2john.py to create a $blockchain$ hash.
We also do not know how much is in the wallet, it could be 0.
We are using the command: ./hashcat blockchain.hash -a3 -w4 -i
Our hashcat rig has got to 10 characters and now we realise this is indeed a very long time to complete :-)
We know the password is a mixture of lowercase/uppercase/numbers/symbols.
We think its a capital letter word followed by 2 numbers and a symbol but unsure on the symbol.
For example, there are no $ or [ in the password.
We have narrowed the symbol used down to some possibilities: !, ;, : and @
So now we are going to try a combination/mask attack.
Our questions at this time:
How can we produce a mask attack that excludes all symbols except a few?
How can we produce something that will suit our needs?
How do we know if our commands passed into hashcat are working?
What is an example command for hashcat for a blockchain wallet?
Can we find the address without cracking the password?
Thanks