THE FORUM IS IN READ-ONLY MODE

This forum is in read-only mode. The new forum is live at https://discourse.openbullet.dev and registrations are open!

Dictionary attack with wordlist



  • Hello, is it possible using OpenBullet to use a dictionary attack i.e use a 1 million password list against one email as opposed to individual email:password combos? Thank you


  • Admin

    Yes just hardcode the email in the config (or use custom inputs to specify it at runtime), and use a list of passwords as wordlist (you can use the Default wordlist type or make your own with your own validity regex)



  • Ok, what would be the default variable name if my password list has no delimiter (i.e it is just password instead of email:password)? It seems it would be tedious to hardcode an email into such a large file each time even programmatically but maybe I'm wrong


  • Admin

    Open Settings/Environment.ini and specify a new Wordlist Type like this

    [WLTYPE]
    Name=Passwords
    Regex=^.*$
    Verify=False
    Separator=§
    Slices=PASS
    

    Then use it in your config's allowed wordlist types, in the debugger when you debug, and when you import your wordlist (do not drag and drop it, otherwise it will try to infer the wordlist type automatically and it might get it wrong).

    You will now be able to use <PASS> wherever you want in your config to get the value of the current password assigned to the bot (and in the test data of the debugger, as usual).



  • Ok, thank you for your help!


Log in to reply