Comboleetor - Password Fragment Combinator with Optional Leetspeak
comboleetor.pl combines word blocks, numbers, and punctuation in any order determined by an input specification. The resulting output can be further subjected to ’leetspeak’ substitutions and serial capitalization.
Say you have to create a password list with some words, numbers, and punctuation such as:
foo000! foo001! ... foo000~ foo001~ ... bar000# bar001# ... baz000^ baz001^
comboleetor.pl can do what you need. Read on below for more details.
The output can be fed directly into hashcat - the premier password cracking program.
Get the code as a gzipped tarball here. Requires GetOpt::Std.
A training presentation is available here.
perl comboleetor.pl [-b blocksfile] [-n numbersfile] [-c] [-s] [-h | -H] where blocksfile and numbersfile contain word blocks and numbers respectively, default files are blocks.txt and numbers.txt in the current directory. -c Serialize capitalization throughout the output word -s Print all hashes and exit. Allows you to see the contents of all hashes just prior to combining. Useful for debugging. -h Print short help -H Print longer help text with examples (this text) comboleetor.pl - password generator combining blocks, numbers, punctuation, and 'leetspeak' substitutions.
The input specification allows for up to eight characters of the following set in any order:
B word blocks b word blocks subjected to leet substitutions at output. N Number elements P Punctuation elements
The goal is to produce all possible combinations of these elments in the order they are specified. The specification of elements comes from the user on stdin via terminal, pipe, file, etc.
For example, consider the blocks file (default ‘blocks.txt’) containing two words:
and the numbers file (default ’numbers.txt’) containing three numbers
031 072 2600
Running comboleetor.pl like this
echo 'BN' | perl comboleetor.pl
produces the following on stdout:
can can2600 can031 can072 tin tin2600 tin031 tin072
echo 'NBN' | perl comboleetor.pl
produces on stdout:
2600 2600can 2600can2600 2600can031 2600can072 2600tin 2600tin2600 2600tin031 2600tin072 031 031can 031can2600 031can031 031can072 031tin 031tin2600 031tin031 031tin072 072 072can 072can2600 072can031 072can072 072tin 072tin2600 072tin031 072tin072
The -c option provides serialized capitalization. Each letter is capitalized in turn.
echo 'B' | perl comboleetor.pl -c
produces on stdout:
can can Can cAn CAn caN CaN cAN CAN tin tin Tin tIn TIn tiN TiN tIN TIN
With ‘b’, there is leetspeak substitution. The next example shows interactive use of the program from the terminal. Some additional output to stderr is shown. To output just the passwords, redirect stdout to a separate file.
$ perl comboleetor.pl :>> b BLOCKS with leet subs. =========================================================== can can (an c4n (4n ca|\| (a|\| c4|\| (4|\| can (an c@n (@n ca|\| (a|\| c@|\| (@|\| can (an c/-\n (/-\n ca|\| (a|\| c/-\|\| (/-\|\| tin tin 7in t!n 7!n ti|\| 7i|\| t!|\| 7!|\| tin +in t!n +!n ti|\| +i|\| t!|\| +!|\| :>> ^D END $
If you do not see your favorite leet substitution, edit the code and re-run.
This can also be combined with the -c option, which capitalizes any lower case characters that appear in the leet output:
$ perl comboleetor.pl -c :>> b BLOCKS with leet subs. =========================================================== (4|\| +i|\| +i|\| +I|\| c/-\|\| c/-\|\| C/-\|\| ca|\| ca|\| Ca|\| cA|\| CA|\| can can Can cAn CAn caN CaN cAN CAN (@|\| ti|\| ti|\| Ti|\| tI|\| TI|\| +in +in +In +iN +IN (@n (@n (@N c@|\| c@|\| C@|\| c/-\n c/-\n C/-\n c/-\N C/-\N t!n t!n T!n t!N T!N (a|\| (a|\| (A|\| c4n c4n C4n c4N C4N t!|\| t!|\| T!|\| c@n c@n C@n c@N C@N (/-\|\| c4|\| c4|\| C4|\| +!|\| (an (an (An (aN (AN tin tin Tin tIn TIn tiN TiN tIN TIN (4n (4n (4N (/-\n (/-\n (/-\N +!n +!n +!N 7in 7in 7In 7iN 7IN 7i|\| 7i|\| 7I|\| 7!|\| 7!n 7!n 7!N :>> ^D END $
Note that capitalization with -c happens last, just before output.
Try the following combinations interactively:
BBN BNb bNPP
Note: this program can generate a lot of output. Start with small files and simple patterns to ensure you know how the program operates.
Also, output is not guaranteed to be unique. Certain combinations of options may generate identical output, though the amount of non-unique output is relatively small. To produce unique output, postprocess the output with other tools such as:
echo 'bb' | perl comboleetor.pl -c | sort | uniq
Numbers and Number Formats
Starting in version 2.0, the usage of the numbers file has changed. Numbers can still be specified one line at a time, but a new syntax is available to generate lists and ranges of numbers with an optional format specification.
Lines may now take the form:
n | n,n... | n-m | printspec | # Comment... where printspec is of the form: %[-|+][n][.n][d|x] Examples: %-03.3d - left justified, zero filled 3 octet decimal number field %-05.5x - left justified, zero filled 5 octet hexidecimal number field %d - any decimal number, no format applied
The printspec specification is based on the sprintf format definitions. See the “perldoc -f sprintf” function documentation for format details. Generally speaking, in practice, only the ’d’ and ‘x’ format specifications are of any use. The range syntax makes it easy to create a large number of entries, e.g. 0-9999 produces 1000 entries in the numbers hash.
Format specifications remain in effect until changed, and numbers and or ranges may be overridden by later entries.
For example, consider a numbers file containing:
# # Numbers file demonstrating v2.0 syntax # # # Start with a print spec of a 3 character zero filled decimal numbers # %03.3d 31,72,2600 # # # Switch to 5 char zero filled hexadecimal and output a range # %05.5x 40-50 # # # Remove zero fills and switch back to decimal list and range # %d 1,2,4,10-15
produces a numbers hash containing:
1 2 4 10 11 12 13 14 15 031 00028 00029 0002a 0002b 0002c 0002d 0002e 0002f 00030 00031 00032 072 2600 # # Note: simple is good. Try to keep the numbers and formats simple. # Use the -s option to output all hashes to examine the number entries. #
Ok, why another combinator?
I needed to recover a password I used over 10 years ago. Back then, I used personal word blocks, numbers, and punctuation in different uh, combinations. Since the end results were usually 10 or more characters or (frequently 12-15) just brute forcing it was not practical. Also, my use of leetspeak is a bit different than most, as I sometimes used multiple characters in my leet substitutions - ‘|_’ for ‘L’ and other similar subs as you can see in the code.
This combinator drastically reduces the search time by only using blocks of text, numbers, punctuation, and leetspeak frequently used.
It is missing some features found in other combinators - rotation, space generation, etc. These can be easily added, or the output can be piped to another combinator that does those operations.
If someone else has already written something just like it, I’ve yet to find it though, to be honest, I didn’t look really hard :-).
I hope it’s useful to someone else besides me.
If you like it, drop me a line - jpb Atsign jimby.name
Posted to forum.hashcat.net by the author.