Best way to match reused passwords?
#1
Hi everyone sorry if this has been asked before. Chickenman showed a good way of cracking harder hashes by using reused passwords. Ive used the association attack on usernames and now I would like to try and find reused passwords from emails and match them with the new bcrypt hash.

Basically
- have email:hash
- match email with previously leaked password
- copy previous password to new list in password:hash
- then use the password and hash for -a 9 (associated attack)

I tried doing something in awk with the ExploitIN compilation leak but was getting lots of weird returns (99% of lines had no hash/password) and in the end only ended up with around 1000 valid lines (out of 5million)

Does anyone have any resources that might help me?

Thank you!!
Reply
#2
Thanks for sharing. I have lost my website password related to monthly wapda bills. Now I read your post and recover it. Thank you again.
Reply