06-28-2022, 06:32 PM
Hello All, hoping someone can help me with ideas to a specific attack I'd like to run, or point me to a thread if it exists on this topic.
Basically, I have a list of $Bcrypt hashes, with a known password for each. The catch is, I have an all LOWER version of the password, meaning I need to run a toggle attack on the password to actually match it.
Applying a rule that toggles the casing is easy enough, no problem..
However here's my puzzle:
I want to apply a toggle.rule to lc($pass1), and use the resulting dictionary for specifically $Bcrypt1.
I'm trying to avoid applying the resulting dictionary to the entire Bcrypt hash list. So visually...
The data I have is essentially in the following format, so it is easy to match the correct lc($pass) to each $bcrypt.
$bcrypt: MD5(lc($pass)): lc($pass)
Any ideas welcome!
Basically, I have a list of $Bcrypt hashes, with a known password for each. The catch is, I have an all LOWER version of the password, meaning I need to run a toggle attack on the password to actually match it.
Applying a rule that toggles the casing is easy enough, no problem..
However here's my puzzle:
I want to apply a toggle.rule to lc($pass1), and use the resulting dictionary for specifically $Bcrypt1.
I'm trying to avoid applying the resulting dictionary to the entire Bcrypt hash list. So visually...
Code:
pAss1 --> Bcrypt1
paSs1
pasS1
Pass2-->Bcrypt2
pAss2
paSs2
The data I have is essentially in the following format, so it is easy to match the correct lc($pass) to each $bcrypt.
$bcrypt: MD5(lc($pass)): lc($pass)
Code:
$2a$12$4FOWYjeL4AtnSuWqP7.1NeeBejEvwBFI/K3Pjt2r0jg5RhnPF38ja:158b297d0ef08840de89398a34b1c600:123abc
$2a$12$zK2RRlnbtzm/0X0ZSuMrJ.L8v4KSOGnOuXDtDcPkw.ic6qeV.cg4i:07a5b0e7ffc18929e817b1be718370de:21371
$2a$12$ckj.vGs/PeVcW2QSBSDxiOd7njytqQRmAb1CSp3sVu6jP64HCuiZW:2050bb7826fd22e6c8650bfc0d73a17d:amanda
$2a$12$hXyDQ5smw33i6bgY.qnbOeWzVbWnpGg3RWzy2tJi/J3yvsb7qv4NS:15b7b613f316c43a89c8b3e650c22b78:buster00
Any ideas welcome!