Posts: 20
Threads: 4
Joined: Nov 2017
Hello, hashcat community.
I live in Ukraine and I'm faced with the problem that many WPA passwords in my country are transliterated from Cyrillic to English. I cannot find leaked transliterated Cyrillic passwords to use as a wordlist in hashcat.
If you have such a wordlist or a link, please, share.
Note: this problem is not about UTF-8 hashes. The passwords are still ASCII, they're just made from Russian / Ukrainian words.
Less common case is Russian words, typed in English keyboard ("лопата" -> "kjgfnf", etc.)
Posts: 2,301
Threads: 11
Joined: Jul 2010
the table lookup attack from hashcat-legacy can do that, assuming you create a corresponding lookup table:
https://hashcat.net/wiki/doku.php?id=tab...kup_attack
Posts: 230
Threads: 4
Joined: Aug 2015
Take a look at the leetspeak.rule file in hashcat's /rules folder. It specifies rules for substituting one character for another, e.g.:
sa4
sa@
One rule to substitute (s) character 'a' -> '4' and another rule for 'a' -> '@'
A form of transliteration! I'd suggest that you make your own transliterate.rule file like so (using your own example):
etc.
Then run hashcat in -a 0 mode with a Ukranian wordlist and your new -r transliterate.rule.
Posts: 2,301
Threads: 11
Joined: Jul 2010
(12-01-2017, 12:01 AM)rico Wrote: A form of transliteration! I'd suggest that you make your own transliterate.rule file like so (using your own example)
note this can get pretty messy with mulitibyte encodings. same for the table lookup attack in hashcat legacy iirc.
Posts: 20
Threads: 1
Joined: Sep 2011
Check the dicts here:
http://wpa-sec.stanev.org/?dicts
More specifically Wikipedia ru and wp_chit bg
Those are suitable for WPA cracking and are created with wlc - very simple python tool, that supports transcoding:
http://sec.stanev.org/?download
Posts: 930
Threads: 4
Joined: Jan 2015
RealEnder, wlc was new to me - thanks for the tip, looks very useful.
~
Posts: 20
Threads: 4
Joined: Nov 2017
Although wlc is indeed a useful tool, it produces unrealistic passwords, at least the ones I found in Wikipedia.ru dict. For example, in Russian "I speak" you say differently from "you speak" and "they speak" because of the verb suffix. As a result, wlc produces a lot of trash alongside with the true candidates.
That's why I'm interested in leaked passwords.
Posts: 2,936
Threads: 12
Joined: May 2012
(12-01-2017, 12:04 AM)undeath Wrote: this can get pretty messy with mulitibyte encodings. same for the table lookup attack in hashcat legacy iirc.
Wide character support was added to the table attack engine in hashcat-legacy for this exact purpose:
https://hashcat.net/forum/thread-1506.html