Comboleetor
Comboleetor - Password Fragment Combinator with Optional Leetspeak
comboleetor.pl combines word blocks, numbers, and punctuation in any order determined by an input specification. The resulting output can be further subjected to ‘leetspeak’ substitutions and serial capitalization.
Say you have to create a password list with some words, numbers, and punctuation such as:
foo000!
foo001!
...
foo000~
foo001~
...
bar000#
bar001#
...
baz000^
baz001^
comboleetor.pl can do what you need. Read on below for more details.
The output can be fed directly into hashcat - the premier password cracking program.
Get the code as a gzipped tarball here. Requires GetOpt::Std.
A training presentation is available here.
Usage
perl comboleetor.pl [-b blocksfile] [-n numbersfile] [-c] [-s] [-h | -H]
where blocksfile and numbersfile contain word blocks and numbers respectively,
default files are blocks.txt and numbers.txt in the current directory.
-c Serialize capitalization throughout the output word
-s Print all hashes and exit. Allows you to see the contents
of all hashes just prior to combining. Useful for debugging.
-h Print short help
-H Print longer help text with examples (this text)
comboleetor.pl - password generator combining
blocks, numbers, punctuation,
and 'leetspeak' substitutions.
Input Specification
The input specification allows for up to five characters of the following set in any order:
B word blocks
b word blocks subjected to leet substitutions at output.
N Number elements
P Punctuation elements
The goal is to produce all possible combinations of these elments in the order they are specified. The specification of elements comes from the user on stdin via terminal, pipe, file, etc.
For example, consider the blocks file (default ‘blocks.txt’) containing two words:
tin
can
and the numbers file (default ‘numbers.txt’) containing three numbers
031
072
2600
Running comboleetor.pl like this
echo 'BN' | perl comboleetor.pl
produces the following on stdout:
can
can2600
can031
can072
tin
tin2600
tin031
tin072
Another example:
echo 'NBN' | perl comboleetor.pl
produces on stdout:
2600
2600can
2600can2600
2600can031
2600can072
2600tin
2600tin2600
2600tin031
2600tin072
031
031can
031can2600
031can031
031can072
031tin
031tin2600
031tin031
031tin072
072
072can
072can2600
072can031
072can072
072tin
072tin2600
072tin031
072tin072
The -c option provides serialized capitalization. Each letter is capitalized in turn.
echo 'B' | perl comboleetor.pl -c
produces on stdout:
can
can
Can
cAn
CAn
caN
CaN
cAN
CAN
tin
tin
Tin
tIn
TIn
tiN
TiN
tIN
TIN
With ‘b’, there is leetspeak substitution. The next example shows interactive use of the program from the terminal. Some additional output to stderr is shown. To output just the passwords, redirect stdout to a separate file.
$ perl comboleetor.pl
:>> b
BLOCKS with leet subs.
===========================================================
can
can
(an
c4n
(4n
ca|\|
(a|\|
c4|\|
(4|\|
can
(an
c@n
(@n
ca|\|
(a|\|
c@|\|
(@|\|
can
(an
c/-\n
(/-\n
ca|\|
(a|\|
c/-\|\|
(/-\|\|
tin
tin
7in
t!n
7!n
ti|\|
7i|\|
t!|\|
7!|\|
tin
+in
t!n
+!n
ti|\|
+i|\|
t!|\|
+!|\|
:>> ^D
END
$
If you do not see your favorite leet substitution, edit the code and re-run.
This can also be combined with the -c option, which capitalizes any lower case characters that appear in the leet output:
$ perl comboleetor.pl -c
:>> b
BLOCKS with leet subs.
===========================================================
(4|\|
+i|\|
+i|\|
+I|\|
c/-\|\|
c/-\|\|
C/-\|\|
ca|\|
ca|\|
Ca|\|
cA|\|
CA|\|
can
can
Can
cAn
CAn
caN
CaN
cAN
CAN
(@|\|
ti|\|
ti|\|
Ti|\|
tI|\|
TI|\|
+in
+in
+In
+iN
+IN
(@n
(@n
(@N
c@|\|
c@|\|
C@|\|
c/-\n
c/-\n
C/-\n
c/-\N
C/-\N
t!n
t!n
T!n
t!N
T!N
(a|\|
(a|\|
(A|\|
c4n
c4n
C4n
c4N
C4N
t!|\|
t!|\|
T!|\|
c@n
c@n
C@n
c@N
C@N
(/-\|\|
c4|\|
c4|\|
C4|\|
+!|\|
(an
(an
(An
(aN
(AN
tin
tin
Tin
tIn
TIn
tiN
TiN
tIN
TIN
(4n
(4n
(4N
(/-\n
(/-\n
(/-\N
+!n
+!n
+!N
7in
7in
7In
7iN
7IN
7i|\|
7i|\|
7I|\|
7!|\|
7!n
7!n
7!N
:>> ^D
END
$
Note that capitalization with -c happens last, just before output.
Try the following combinations interactively:
BBN
BNb
bNPP
etc.
Note: this program can generate a lot of output. Start with small files and simple patterns to ensure you know how the program operates.
Also, output is not guaranteed to be unique. Certain combinations of options may generate identical output, though the amount of non-unique output is relatively small. To produce unique output, postprocess the output with other tools such as:
echo 'bb' | perl comboleetor.pl -c | sort | uniq
Numbers and Number Formats
Starting in version 2.0, the usage of the numbers file has changed. Numbers can still be specified one line at a time, but a new syntax is available to generate lists and ranges of numbers with an optional format specification.
Lines may now take the form:
n | n,n... | n-m | printspec | # Comment...
where printspec is of the form:
%[-|+][n][.n][d|x]
Examples:
%-03.3d - left justified, zero filled 3 octet decimal number field
%-05.5x - left justified, zero filled 5 octet hexidecimal number field
%d - any decimal number, no format applied
The printspec specification is based on the sprintf format definitions. See the “perldoc -f sprintf” function documentation for format details. Generally speaking, in practice, only the ‘d’ and ‘x’ format specifications are of any use. The range syntax makes it easy to create a large number of entries, e.g. 0-9999 produces 1000 entries in the numbers hash.
Format specifications remain in effect until changed, and numbers and or ranges may be overridden by later entries.
For example, consider a numbers file containing:
#
# Numbers file demonstrating v2.0 syntax
#
#
# Start with a print spec of a 3 character zero filled decimal numbers
#
%03.3d
31,72,2600
#
#
# Switch to 5 char zero filled hexadecimal and output a range
#
%05.5x
40-50
#
#
# Remove zero fills and switch back to decimal list and range
#
%d
1,2,4,10-15
produces a numbers hash containing:
1
2
4
10
11
12
13
14
15
031
00028
00029
0002a
0002b
0002c
0002d
0002e
0002f
00030
00031
00032
072
2600
#
# Note: simple is good. Try to keep the numbers and formats simple.
# Use the -s option to output all hashes to examine the number entries.
#
Author Rant
Ok, why another combinator?
I needed to recover a password I used over 10 years ago. Back then, I used personal word blocks, numbers, and punctuation in different uh, combinations. Since the end results were usually 10 or more characters or (frequently 12-15) just brute forcing it was not practical. Also, my use of leetspeak is a bit different than most, as I sometimes used multiple characters in my leet substitutions - ‘|_’ for ‘L’ and other similar subs as you can see in the code.
This combinator drastically reduces the search time by only using blocks of text, numbers, punctuation, and leetspeak frequently used.
It is missing some features found in other combinators - rotation, space generation, etc. These can be easily added, or the output can be piped to another combinator that does those operations.
If someone else has already written something just like it, I’ve yet to find it though, to be honest, I didn’t look really hard :-).
I hope it’s useful to someone else besides me.
If you like it, drop me a line - jpb Atsign jimby.name
Posted to forum.hashcat.net by the author.