Generator of fortune
#1
Hi, I would like to let you know about a tool I made for the purpose of generating passwords and piping them to cracking software.

I was first trying to bruteforce wpa2 handshakes, and these were by default 26 characters long and hexadecimal.
The little issue here is that it just cannot be done. But what about being lucky ? So I first wrote a generator that was solely random, before settling to the evidence that it was too much left out of luck, what about duplication ? restoring a session ?
What is the best compromise here ? We have to break the linearity of the generation, markov chains are meant for that, but there are doing things in a human way, which is not what I wanted. The other point is about being able to work on multiple lengths at the same time, this part is only a trick (as far as my program is concerned).
What I'm putting forward here is what I called the rain, these are enough of my people's tears to break up long and complex passwords.

If you are interested you can go to https://github.com/e2002e/zhou

Zhou is the tribe of the king Wen who rebelled against a tyrannic lord, putting an end to the tortures, corruptions, and altogether, of evil in China about 6000 years ago.
This king wrote a book called the Zhou Yi Ching, meaning the "easy changes of Zhou". As I once used X11 to alternate the symbols of the book, I could not help notice that I looked like rain falling, and still cannot help thinking that he arranged the sequence in that very purpose.

The way you should use this software is with rules, keeping the character set as simple as possible and adding rules to exploit the full capabilities of you GPU.
Reply
#2
(06-14-2020, 08:17 PM)owein Wrote: Hi, I would like to let you know about a tool I made for the purpose of generating passwords and piping them to cracking software.

I was first trying to bruteforce wpa2 handshakes, and these were by default 26 characters long and hexadecimal.
The little issue here is that it just cannot be done. But what about being lucky ? So I first wrote a generator that was solely random, before settling to the evidence that it was too much left out of luck, what about duplication ? restoring a session ?
What is the best compromise here ? We have to break the linearity of the generation, markov chains are meant for that, but there are doing things in a human way, which is not what I wanted. The other point is about being able to work on multiple lengths at the same time, this part is only a trick (as far as my program is concerned).
What I'm putting forward here is what I called the rain, these are enough of my people's tears to break up long and complex passwords.

If you are interested you can go to https://github.com/e2002e/zhou

Zhou is the tribe of the king Wen who rebelled against a tyrannic lord, putting an end to the tortures, corruptions, and altogether, of evil in China about 6000 years ago.
This king wrote a book called the Zhou Yi Ching, meaning the "easy changes of Zhou". As I once used X11 to alternate the symbols of the book, I could not help notice that I looked like rain falling, and still cannot help thinking that he arranged the sequence in that very purpose.

The way you should use this software is with rules, keeping the character set as simple as possible and adding rules to exploit the full capabilities of you GPU.


Great Job congratulations, im running your generator but my question is, if you want to break a pass of 12 characters only alfa uppcase and lowcase how many gigas do you need?
Reply
#3
what's going on here? one (actually 2) completely new forum accounts without any previous posts suddently talking about a tool with very strange description and furthermore a tool that was already considered as WONT IMPLEMENT here: https://github.com/hashcat/hashcat/issues/1984 . I must admit I'm just a "little bit" suspicious here... hopefully I'm wrong... but things like this don't really happen normally (we just have 2 new forum users, speaking about and "praising" an external tool).

So please forgive my suspiciousness, but why are you both suddently registering here and speaking about this tool ? What is this even for ?
Reply
#4
(06-15-2020, 11:06 AM)philsmd Wrote: what's going on here? one (actually 2) completely new forum accounts without any previous posts suddently talking about a tool with very strange description and furthermore a tool that was already considered as WONT IMPLEMENT here: https://github.com/hashcat/hashcat/issues/1984 . I must admit I'm just a "little bit" suspicious here... hopefully I'm wrong... but things like this don't really happen normally (we just have 2 new forum users, speaking about and "praising" an external tool).

So please forgive my suspiciousness, but why are you both suddently registering here and speaking about this tool ? What is this even for ?

I dont know what is your problem? im a new in this issue and i have to do many checks with many kind hashes, i dont know the author of zhou tools. its would be fantastic that you forget your suspicious 

have a good day
Reply
#5
im sorry to tell you that you tools dont be effective i need a dictionary of 12 characters with letters upcase and lowcase i ran your scripts and he give me a dictionary of 26 gb its too much little to 12 character i ran hashcat with this dictionary and hashcat not found the pass.

You should  inspect your algoritm.
Reply
#6
Hi, first this is ok to have suspicion because you talked about it, YET I did suscribe to the thread and so should have received a message about replies which I did not get, and when scrolling to the threds, couldn't find my post, so I connected and found it, but can't explain why nobody is going to see this anymore.
That is not correct.
Now that I answered to this 'suspicion's matter', kelevra, if you have issues with the software, please don't just put it down here but fill an issue on github, and to be clear, this software is meant to be run through stdio, why would there be any other software that let's you save more than what your hardware can receive ?
Back to the administrators: please unblock thus thread.
Reply
#7
(06-18-2020, 05:20 PM)owein Wrote: Back to the administrators: please unblock thus thread.

this thread is neither locked nor hidden nor anything similar.
Reply
#8
26 char hexadecimal can be done by generating 1 wordlist file of 8char hex of all possible outcomes and then using ./combinator3 from the hashcat utils and a mask at the end adding the final 2 digits.

if you have more space then I and the time to do it one 13char file and then running hashcat in combinator mode supplying the same wordlist twice would work also. this also speeds up the cracking speeds on the faster hashes.

Also, if you use hashcat to generate the wordlist for you using masks and a little ingenuity and then look at it...the markov chains they use actually do some interesting stuff. and it would likely help with your situation. i mean there might be better ways to do it then that even but it doesnt require you to write a whole separate program. the compressed 8char hex uses less then 300 MB on my pc. Armed with that knowledge and the --limit --skip and --keyspace flags. you can even stop and start your attacks as you wish.

I have a similar situation to you and I have been trying to figure out the best way to approach it and thats why this post caught my attention.
Reply
#9
"
26 char hexadecimal can be done by generating 1 wordlist file of 8char hex of all possible outcomes and then using ./combinator3 from the hashcat utils and a mask at the end adding the final 2 digits. "

True just like using jumbo john with prince attack, already a little bit space demanding I think.

"if you have more space then I and the time to do it one 13char file and then running hashcat in combinator mode supplying the same wordlist twice would work also. this also speeds up the cracking speeds on the faster hashes. "

Yes you are right about the speed in any case a wordlist will go faster than a pipe, but with enough rules using characters not present in the sets you can match with it.
The other point is that the software I'm introducing is looping around minlen to maxlen when creating the words.

"Also, if you use hashcat to generate the wordlist for you using masks and a little ingenuity and then look at it...the markov chains they use actually do some interesting stuff. and it would likely help with your situation. i mean there might be better ways to do it then that even but it doesnt require you to write a whole separate program. the compressed 8char hex uses less then 300 MB on my pc. Armed with that knowledge and the --limit --skip  and --keyspace flags. you can even stop and start your attacks as you wish.

I have a similar situation to you and I have been trying to figure out the best way to approach it and thats why this post caught my attention."

You know I was just testing what could be done for not having to wait for aaa.....000 to go to zzz.....999. I see markov are working well but you also need to wait for a length of 8 being done to go to the next and so on, this might be discouraging and so I am trying to "spray" an attack on the hash.

Right now it's not to compare to hashcat, but I still want to put on some efforts at doing a mask or a set of masks instead of --min --max in correlation with --set option. The few popular hashes should be implemented with known optimizations (simd, matematical shortcuts)

[/quote]
Reply