08-12-2022, 10:01 AM
TL;DR
Need to build a password permuting 3-4 words using/combining basic rules. So... Combinator Attack (same wordlist) + Manually Combining rules? Hybrid Attacks manually Permuting passwords? Straight Attack + Multi-Rules ?? Rule-based attack?? Toggle-attack??
input:
output:
rules:
The story:
Few months ago I bookmarked this thread: Debrief: Cracked Ethereum wallet - a beginners approach
And today I just decided to follow it, the issue is that my approach varies when setting up the password and realized it's kind of convoluted both the attack-mode + using rules.
The first things I tried was making his same strategy, use a wordlist with 'all' the passwords and generate a wordlist with rules (I still don't know how to make rules) so I was thinking on using oneRuleToRuleThemAll... but the issue is that I KNOW how my password is composed and using the biggest compendium of rules it's an overkill, specially knowing that scrypt is SLOW and must be done in CPU instead of GPU.
So, off to the docs and learn how to make rules... here at the bottom I read about Multi-Rules which maybe I can use to merge all toggle? Then I find that there's also the combination attack, which also draws my attention because I need to permute 3 words... but combination adds 3 extra entries (word1word1, word2word2 and word3word3) this times the rules... adds up many password I know are not.
Now I read about hybrid-attack which is the same as combination but with a little difference and might also work because I know that I just append common symbols and I can manually permute the passwords, it ain't that hard.
Then there is Rule-based attack which look like the way to go because I know the rules... but then I need to manually permute the words and also combine all the toggles (or use toggle2.rule + Multi-rules)
So... eventually I think I'll figure it out once I wrap my head around the options and figure out how the rules work if they're all combines or they're executed one by one or if I should first focus on generating the wordlist and then focus on the attack... Still just wanted to share my though process and story. Wish me luck and any suggestion is appreciated.
Need to build a password permuting 3-4 words using/combining basic rules. So... Combinator Attack (same wordlist) + Manually Combining rules? Hybrid Attacks manually Permuting passwords? Straight Attack + Multi-Rules ?? Rule-based attack?? Toggle-attack??
input:
Code:
qwerty
p@ssw0rd
secr3t
output:
Code:
qwertyp@ssw0rd
qwertysecr3t
p@assw0rdqwerty
p@assw0rdsecr3t
secr3tqwerty
secr3tp@ssw0rd
rules:
Code:
## combine all capital and lower (Basically toggle2.rule)
T1
T2
T3
T4
T(nth...)
T1T2
T1T3
T1T4
T1T(nth...)
T1T2T3
T1T2T4
T1T2T(nth)
T(nth)(nth)
## Common replace
ss$
sa@
sA@
se3
sE3
s3e
s3E
## Add common symbol at end
$!
$@
$#
$$
$%
$&
The story:
Few months ago I bookmarked this thread: Debrief: Cracked Ethereum wallet - a beginners approach
And today I just decided to follow it, the issue is that my approach varies when setting up the password and realized it's kind of convoluted both the attack-mode + using rules.
The first things I tried was making his same strategy, use a wordlist with 'all' the passwords and generate a wordlist with rules (I still don't know how to make rules) so I was thinking on using oneRuleToRuleThemAll... but the issue is that I KNOW how my password is composed and using the biggest compendium of rules it's an overkill, specially knowing that scrypt is SLOW and must be done in CPU instead of GPU.
So, off to the docs and learn how to make rules... here at the bottom I read about Multi-Rules which maybe I can use to merge all toggle? Then I find that there's also the combination attack, which also draws my attention because I need to permute 3 words... but combination adds 3 extra entries (word1word1, word2word2 and word3word3) this times the rules... adds up many password I know are not.
Now I read about hybrid-attack which is the same as combination but with a little difference and might also work because I know that I just append common symbols and I can manually permute the passwords, it ain't that hard.
Then there is Rule-based attack which look like the way to go because I know the rules... but then I need to manually permute the words and also combine all the toggles (or use toggle2.rule + Multi-rules)
So... eventually I think I'll figure it out once I wrap my head around the options and figure out how the rules work if they're all combines or they're executed one by one or if I should first focus on generating the wordlist and then focus on the attack... Still just wanted to share my though process and story. Wish me luck and any suggestion is appreciated.