Comboleetor

Comboleetor - Password Fragment Combinator with Optional Leetspeak

comboleetor.pl combines word blocks, numbers, and punctuation in any order determined by an input specification. The resulting output can be further subjected to ‘leetspeak’ substitutions and serial capitalization.

Say you have to create a password list with some words, numbers, and punctuation such as:

foo000!
foo001!
...
foo000~
foo001~
...
bar000#
bar001#
...
baz000^
baz001^

comboleetor.pl can do what you need. Read on below for more details.

The output can be fed directly into hashcat - the premier password cracking program.

Get the code as a gzipped tarball here. Requires GetOpt::Std.

A training presentation is available here.

Usage

perl comboleetor.pl  [-b blocksfile] [-n numbersfile] [-c] [-s] [-h | -H]

     where blocksfile and numbersfile contain word blocks and numbers respectively,
     default files are blocks.txt and numbers.txt in the current directory.

     -c  Serialize capitalization throughout the output word
     -s  Print all hashes and exit. Allows you to see the contents
         of all hashes just prior to combining.  Useful for debugging.
     -h  Print short help
     -H  Print longer help text with examples (this text)

comboleetor.pl - password generator combining
                 blocks, numbers, punctuation,
                 and 'leetspeak' substitutions.

Input Specification

The input specification allows for up to five characters of the following set in any order:

   B  word blocks

   b  word blocks subjected to leet substitutions at output.

   N  Number elements

   P  Punctuation elements

The goal is to produce all possible combinations of these elments in the order they are specified. The specification of elements comes from the user on stdin via terminal, pipe, file, etc.

For example, consider the blocks file (default ‘blocks.txt’) containing two words:

   tin
   can

and the numbers file (default ‘numbers.txt’) containing three numbers

   031
   072
   2600

Running comboleetor.pl like this

   echo 'BN' | perl comboleetor.pl

produces the following on stdout:

   can
   can2600
   can031
   can072
   tin
   tin2600
   tin031
   tin072

Another example:

   echo 'NBN' | perl comboleetor.pl

produces on stdout:

   2600
   2600can
   2600can2600
   2600can031
   2600can072
   2600tin
   2600tin2600
   2600tin031
   2600tin072
   031
   031can
   031can2600
   031can031
   031can072
   031tin
   031tin2600
   031tin031
   031tin072
   072
   072can
   072can2600
   072can031
   072can072
   072tin
   072tin2600
   072tin031
   072tin072

The -c option provides serialized capitalization. Each letter is capitalized in turn.

  echo 'B' | perl comboleetor.pl -c

produces on stdout:

   can
   can
   Can
   cAn
   CAn
   caN
   CaN
   cAN
   CAN
   tin
   tin
   Tin
   tIn
   TIn
   tiN
   TiN
   tIN
   TIN

With ‘b’, there is leetspeak substitution. The next example shows interactive use of the program from the terminal. Some additional output to stderr is shown. To output just the passwords, redirect stdout to a separate file.

   $ perl comboleetor.pl
   :>> b
   BLOCKS with leet subs.


   ===========================================================


   can
   can
   (an
   c4n
   (4n
   ca|\|
   (a|\|
   c4|\|
   (4|\|
   can
   (an
   c@n
   (@n
   ca|\|
   (a|\|
   c@|\|
   (@|\|
   can
   (an
   c/-\n
   (/-\n
   ca|\|
   (a|\|
   c/-\|\|
   (/-\|\|
   tin
   tin
   7in
   t!n
   7!n
   ti|\|
   7i|\|
   t!|\|
   7!|\|
   tin
   +in
   t!n
   +!n
   ti|\|
   +i|\|
   t!|\|
   +!|\|
   :>> ^D
   END
   $

If you do not see your favorite leet substitution, edit the code and re-run.

This can also be combined with the -c option, which capitalizes any lower case characters that appear in the leet output:

   $ perl comboleetor.pl -c
   :>> b
   BLOCKS with leet subs.

   ===========================================================

   (4|\|
   +i|\|
   +i|\|
   +I|\|
   c/-\|\|
   c/-\|\|
   C/-\|\|
   ca|\|
   ca|\|
   Ca|\|
   cA|\|
   CA|\|
   can
   can
   Can
   cAn
   CAn
   caN
   CaN
   cAN
   CAN
   (@|\|
   ti|\|
   ti|\|
   Ti|\|
   tI|\|
   TI|\|
   +in
   +in
   +In
   +iN
   +IN
   (@n
   (@n
   (@N
   c@|\|
   c@|\|
   C@|\|
   c/-\n
   c/-\n
   C/-\n
   c/-\N
   C/-\N
   t!n
   t!n
   T!n
   t!N
   T!N
   (a|\|
   (a|\|
   (A|\|
   c4n
   c4n
   C4n
   c4N
   C4N
   t!|\|
   t!|\|
   T!|\|
   c@n
   c@n
   C@n
   c@N
   C@N
   (/-\|\|
   c4|\|
   c4|\|
   C4|\|
   +!|\|
   (an
   (an
   (An
   (aN
   (AN
   tin
   tin
   Tin
   tIn
   TIn
   tiN
   TiN
   tIN
   TIN
   (4n
   (4n
   (4N
   (/-\n
   (/-\n
   (/-\N
   +!n
   +!n
   +!N
   7in
   7in
   7In
   7iN
   7IN
   7i|\|
   7i|\|
   7I|\|
   7!|\|
   7!n
   7!n
   7!N
   :>> ^D
   END
   $

Note that capitalization with -c happens last, just before output.

Try the following combinations interactively:

   BBN
   BNb
   bNPP

etc.

Note: this program can generate a lot of output. Start with small files and simple patterns to ensure you know how the program operates.

Also, output is not guaranteed to be unique. Certain combinations of options may generate identical output, though the amount of non-unique output is relatively small. To produce unique output, postprocess the output with other tools such as:

  echo 'bb' | perl comboleetor.pl -c | sort | uniq

Numbers and Number Formats

Starting in version 2.0, the usage of the numbers file has changed. Numbers can still be specified one line at a time, but a new syntax is available to generate lists and ranges of numbers with an optional format specification.

Lines may now take the form:

   n | n,n... | n-m | printspec | # Comment...

 where printspec is of the form:

   %[-|+][n][.n][d|x]

   Examples:

     %-03.3d   - left justified, zero filled 3 octet decimal number field

     %-05.5x   - left justified, zero filled 5 octet hexidecimal number field

     %d        - any decimal number, no format applied

The printspec specification is based on the sprintf format definitions. See the “perldoc -f sprintf” function documentation for format details. Generally speaking, in practice, only the ‘d’ and ‘x’ format specifications are of any use. The range syntax makes it easy to create a large number of entries, e.g. 0-9999 produces 1000 entries in the numbers hash.

Format specifications remain in effect until changed, and numbers and or ranges may be overridden by later entries.

For example, consider a numbers file containing:

#
#  Numbers file demonstrating v2.0 syntax
#
#
# Start with a print spec of a 3 character zero filled decimal numbers
#
%03.3d
31,72,2600
#
#
# Switch to 5 char zero filled hexadecimal and output a range
#
%05.5x
40-50
#
#
# Remove zero fills and switch back to decimal list and range
#
%d 
1,2,4,10-15

produces a numbers hash containing:

1
2
4
10
11
12
13
14
15
031
00028
00029
0002a
0002b
0002c
0002d
0002e
0002f
00030
00031
00032
072
2600

#
# Note: simple is good.  Try to keep the numbers and formats simple.
# Use the -s option to output all hashes to examine the number entries.
#

Author Rant

Ok, why another combinator?

I needed to recover a password I used over 10 years ago. Back then, I used personal word blocks, numbers, and punctuation in different uh, combinations. Since the end results were usually 10 or more characters or (frequently 12-15) just brute forcing it was not practical. Also, my use of leetspeak is a bit different than most, as I sometimes used multiple characters in my leet substitutions - ‘|_’ for ‘L’ and other similar subs as you can see in the code.

This combinator drastically reduces the search time by only using blocks of text, numbers, punctuation, and leetspeak frequently used.

It is missing some features found in other combinators - rotation, space generation, etc. These can be easily added, or the output can be piped to another combinator that does those operations.

If someone else has already written something just like it, I’ve yet to find it though, to be honest, I didn’t look really hard :-).

I hope it’s useful to someone else besides me.

If you like it, drop me a line - jpb Atsign jimby.name

Posted to forum.hashcat.net by the author.