1

I have an old USB drive encrypted with Truecrypt and can't read my password writing. I can't tell if it's a capital or lower case letter and not sure if it's a 0 or an o, a t or a + on about 7 spaces. I have basic computer knowledge and would really appreciate your help.

Sounds like I need a password generator to put together a wordlist. I'm not sure what would be a good generator that could be told "in this space, it's either a z or a Z and this space it's either a t or a +" etc.

Any advice on how to later implement the wordlist would be greatly appreciated. I don't understand the commands I've seen people write to get the computer to run a command (not sure if that is correct).

Esa Jokinen
  • 16,100
  • 5
  • 50
  • 55
Erik
  • 11
  • 1
  • 1
    Unfortunately, this is not looking like a security question but a request for a tutorial. Most wordlist generators are commandline tools, and we can't walk you through how to use the commandline. Plus there are tons of tutorials out there can do walk a new user through the whole process. – schroeder Jun 27 '21 at 08:02
  • 2
    I think "on about 7 spaces" gives the amount of uncertain characters, and that they aren't complete wildcards, but something like `I/l/1` or `o/O/0`. Should be rather easy. For clarity, I would add an example of such password with the uncertain characters. – Esa Jokinen Jun 27 '21 at 12:42

2 Answers2

2

Here is a Bash script (shortened from partialpassword.sh) that reads your password(s) from a file and saves a password list with all the combinations of ambiguous characters, given as extra arguments.

Say your password was MMMMlI1O0t+ and you you have three sets of ambiguous characters:

  • I, l and 1
  • O, o and 0
  • t and +

Try echo "MMMMlI1O0t+" | ./partialpassword.sh - - Il1 Oo0 t+

This will give you a password list with all the 972 (3⁵×2²) possible combinations.

#!/bin/bash
# -----------------------------------------------------------
# Creates a new wordlist from a wordlist by replacing all
# ambiguous characters with all their possible combinations.
#
# Usage: partialpassword.sh input.txt output.txt O0 [Il1 ...]
#
# Using "-" as the input reads the passwords from stdin.
# Using "-" as the output prints the wordlist to stdout.
# -----------------------------------------------------------

if [ "$#" -lt 3 ]; then
  printf "\n%s\n" "Usage: $0 input.txt output.txt O0 [Il1 ...]" >&2
  printf "\n%s\n" "Using \"-\" as the input reads the passwords from stdin." >&2
  printf "%s\n" "Using \"-\" as the output prints the wordlist to stdout." >&2
  exit 1
fi

# Read file or stdin.
pwlist=$(cat "$1") || exit 1

for alternatives in "${@:3}"; do

  # First, replace all other characters with the first one.
  for (( i=1; i<${#alternatives}; i++ )); do
    pwlist=$(
      printf "%s" "$pwlist" \
        | sed 's/'${alternatives:$i:1}'/'${alternatives:0:1}'/g'
      )
  done

  # Get max number of characters to be replaced.
  max=$(
    printf "%s" "$pwlist" \
      | sed 's/[^'$alternatives']//g' \
      | awk '{ print length }' \
      | sort -n \
      | tail -n 1
    )

  # Add new combinations.
  for (( i=1; i<${#alternatives}; i++ )); do
    for (( j=1; j<=$max; j++ )); do
      for (( k=$max; k>=j; k-- )); do
        new=$(
          printf "%s" "$pwlist" \
            | sed "s/"${alternatives:0:1}"/"${alternatives:$i:1}/$k""
          )
        pwlist=$(printf "%s\n%s" "$pwlist" "$new" | sort -u)
      done
    done
  done

done

# Save the file or print the output to stdout.
if [ "$2" = "-" ]; then
  printf "%s\n" "$pwlist"
else
  printf "%s\n" "$pwlist" > $2 || exit 1
  printf "\n%s\n" "Done."
fi
Esa Jokinen
  • 16,100
  • 5
  • 50
  • 55
  • Although very useful, in general, since the OP mentions that they do not know how to use the commandline, they likely do not use Linux, and therefore will not be able to use bash. – schroeder Jun 28 '21 at 07:43
  • 1
    Ah, that's what the last sentence means. I may have overestimated the "basic computer knowledge" mentioned earlier. However, this script might be helpful for someone in the future, although the algorithm used doesn't scale up very well. – Esa Jokinen Jun 28 '21 at 08:01
  • That's why I'm guessing the OP is looking for a basic tutorial. If there are only 7 characters, then the list can be created with a simple script. – schroeder Jun 28 '21 at 08:55
  • If you remove the sanity checks from the beginning, this is a rather simple script, too. It's just a bit more generic than writing the loops for fixed set of alternative characters. – Esa Jokinen Jun 28 '21 at 09:00
  • it's a nice little script – schroeder Jun 28 '21 at 09:02
  • 1
    How to run this script on Windows: 1) install [Git for windows](https://gitforwindows.org/). This will install "Git bash". 2) Download the script named "partialpassword.sh". 3) In the folder where the script is downloaded, create a file named "input.txt" (right click -> new text file) and write your password in it. Save and close. 4) In the folder where the script is downloaded, right click -> select "Git Bash Here". In the window that opens, type `./partialpassword.sh input.txt output.txt Il1 Oo0 t+` 5) The generated wordlist is in the file "output.txt". – A. Hersean Jun 28 '21 at 12:25
  • On Windows, with the method I mentioned above, I get an error at "line 39". If you have it, to fix it you need to edit the script "partialpassword.sh" and replace `j<=$max` by `j<$max+1` (at line 38) and replace `k>=j` by `k+1>j` (at line 39). If you find it easier, you can use the search function of your text editor to find this text, usually with the shortcut [CTRL]+[F]. – A. Hersean Jun 28 '21 at 13:22
  • I couldn't reproduce the error on Windows. – Esa Jokinen Jun 28 '21 at 13:40
0

You could use Hashcat for that:

Assuming your 7 sets are:

  1. o0
  2. t+
  3. zZ
  4. Il
  5. 5S
  6. b8
  7. p:

If your password looks like this ab1de2g345j6k7xyz and you don't know the what I noted as 1..7,

1

Install hashcat: https://executeatwill.com/2019/02/11/Install-hashcat-on-windows/ The newest version can be found here at time of writing: https://hashcat.net/files/hashcat-6.2.3.7z

2

Go on the command line (cmd) and into your hashcat folder

You have 4 sets free to set (https://hashcat.net/wiki/doku.php?id=mask_attack)

So run

3

hashcat -a 3 -1 0o -2 t+ -3 zZ -4 Il 'ab?1de?2g?3?45jbkpxyz' --stdout >> mywordlist

the other one 5 to 7 set fixed (the used method is known as mask attack mode).

hashcat -a 3 -1 0o -2 t+ -3 zZ -4 Il 'ab?1de?2g?3?45jbkpxyz' --stdout 

yields

abodetgzl5jbkpxyz
ab0detgzl5jbkpxyz
abode+gzl5jbkpxyz
ab0de+gzl5jbkpxyz
abodetgZI5jbkpxyz
ab0detgZI5jbkpxyz
abode+gZI5jbkpxyz
ab0de+gZI5jbkpxyz
abodetgzI5jbkpxyz
ab0detgzI5jbkpxyz
abode+gzI5jbkpxyz
ab0de+gzI5jbkpxyz
abodetgZl5jbkpxyz
ab0detgZl5jbkpxyz
abode+gZl5jbkpxyz
ab0de+gZl5jbkpxyz

and >> appends into a file (here mywordlist)

4

Change character 7 to the next possible value

hashcat -a 3 -1 0o -2 t+ -3 zZ -4 Il --stdout ab?1de?2g?3?45jbk:xyz >> mywordlist

Then change character 6 and 7

hashcat -a 3 -1 0o -2 t+ -3 zZ -4 Il --stdout ab?1de?2g?3?45j8kpxyz >> mywordlist

and so forth.

You should do this for all possible combinations for example here:

5bp

5b:

58p

58:

Sbp

Sb:

S8p

S8:

everytime adding to wordlist with >>

Part 4 can also be scripted. For a linux-based system you could use the answer of Esa Jokinen. For Windows batch or powershell can be an alternative.

secf00tprint
  • 202
  • 1
  • 11