Found passwords post-processing
#1
Hello everyone,

With all those recent leaks I was wondering if there is an efficient way to post-process passwords. For example, we all know that the following strings come from the same word:
Code:
Pa$$word
password123
123password123
Password!!

Which steps can we use to reduce the previous passwords to the good old password? I was thinking about stripping leading/trailing digits and special chars, then lowercasing it and replacing any leet speak.
Do you have any improvements to suggest?
Do you think that it could be a useful post-processing step?
Some time ago atom said he was writing an article about this topic, but I never had the chance to read it.
Reply
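The steps proposed in the post above (strip leading/trailing digits and special characters, lowercase, undo leet substitutions), as an added example that is not part of the original thread or of any tool linked in it. It is meant for grouping already recovered passwords by base word in a password audit, for example to feed a banned-word list. The leet map, the function names and the optional `known` dictionary set are assumptions.

```python
import re
from collections import Counter

# Assumed leet map (not from the thread); extend it for your own data.
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})
# Leading run of digits/specials, core, trailing run of digits/specials.
EDGE = re.compile(r"^([\W\d_]*)(.*?)([\W\d_]*)$", re.S)


def base_word(password, known=frozenset()):
    """Reduce a password to its probable base word.

    Default path follows the post: strip the edges, lowercase, then
    undo leet substitutions. Stripping first loses edge characters that
    are themselves leet letters ("$ecret1" becomes "ecret"). When a set
    of dictionary words is passed as `known`, edge characters are also
    tried as leet letters and the longest dictionary hit wins.
    """
    lead, core, trail = EDGE.match(password).groups()
    fallback = core.lower().translate(LEET)
    if not known:
        return fallback
    hits = []
    # Keep the last i chars of the leading run and the first j chars of
    # the trailing run, then check the de-leeted result against `known`.
    for i in range(len(lead) + 1):
        for j in range(len(trail) + 1):
            cand = lead[len(lead) - i:] + core + trail[:j]
            cand = cand.lower().translate(LEET)
            if cand in known:
                hits.append(cand)
    return max(hits, key=len, default=fallback)


def base_word_counts(passwords, known=frozenset()):
    """Count how many passwords share each base word."""
    counts = Counter(base_word(p, known) for p in passwords)
    counts.pop("", None)  # all-digit/all-symbol passwords have no base word
    return counts
```
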
#2
Hi vladimir125,

I gave a talk at the Passwords 16 conference in Cambridge regarding generating efficient wordlists. One of the items was a tool I wrote called RuraSort, which can do what you want.

You can find it here: https://github.com/rurapenthe/rurasort

Additionally, there are very good tools from Hashcat:
https://hashcat.net/wiki/doku.php?id=hashcat_utils

Another one from Hashkiller/blandy:
http://home.btconnect.com/md5decrypter/App.RegEx.zip

I would also recommend you read this forum post too:
https://hashcat.net/forum/thread-655-page-2.html




-R

Reply
#3
Thank you very much for those links!
Reply