Bounty 10000$ Who can help me recall password!

[walletrecovery]

For example password is: Ca******** = 10 characters and/or more...
Only by such a template we need to extract passwords from dictionaries.
Who want and can CONTINUE to create another dictionaries from this list?
https://weakpass.com/wordlist

I can continue, but like I said: you'll have to select which .torrents to download by yourself. There are 107 pages on that site, each with 15 download links. If you select them, I'll get you anything that starts with Ca. But I'll need a list that I can easily process.
The Download link itself seems to work fine too, I get 70 MB/s which is even easier than the Torrent. I can pipe the download to extract it and only save the result.
Example:

Code:

wget -O- https://download.weakpass.com/wordlists/1326/b0n3z-sorted-wordlist.gz | gunzip | grep -a "^Ca" > b0n3z-sorted-wordlist.txt

This 23 GB file takes 7 minutes to process.

If you get me a list of all ~1500+ links, I'll extract them all. But I'm not going to copy that many links myself.
I'll even remove duplicates for you

If I knew which dictionary contains the password I need, then it would be much easier and faster. But the problem is that I don't know which dictionary contains the password and whether it is in any of the dictionaries at all.
I only know that the password was created by a human, not a robot, and that this password was set in March 2015 and has not changed since then. Therefore, this password could be stolen by hackers and entered the collection of these dictionaries. Also I know that the password has the first two letters "Ca" and the password cannot be shorter than 10 characters. Brute force is useless, so all hope is for dictionaries.
Okay, I will prepare for you a list of torrent links and dictionary names. We will keep records and cross out dictionaries that have already been checked.
I need a couple of days or less to complete this work.

Update:
I propose to start by processing these 3 dictionaries: https://weakpass.com/all-in-one
1) https://download.weakpass.com/wordlists/all-in-one/1/all_in_one.7z.torrent
2) https://download.weakpass.com/wordlists/all-in-one/1/all_in_one_p.7z.torrent
3) https://download.weakpass.com/wordlists/all-in-one/1/all_in_one_w.7z.torrent

[alexeyneu]

what if this dude just joking about c a giving you wallet?
another thing is that neither he nor you  have money now. haha

[walletrecovery]

what if this dude just joking about c a giving you wallet?
another thing is that neither he nor you  have money now. haha

if you want to troll, then this is not the place for you, we are busy with serious work here.

[alexeyneu]

really? ok looks like that's an answer

[LoyceV]

I only know that the password was created by a human, not a robot, and that this password was set in March 2015 and has not changed since then. Therefore, this password could be stolen by hackers and entered the collection of these dictionaries.

If the password is only used for this wallet, the wallet would have been emptied if the password had been leaked. If the same password was used for several different websites it could have been leaked without compromising the wallet, but if it was used on many websites I don't think it's likely it the owner would have forgotten it.

It looks like 7z can't be extracted from stdin:

First, 7-Zip supports only some archive types for piping. For -si, it accepts xz, lzma, tar, gzip and bzip2. For -so, it accepts xz, gzip, bzip2 and tar.

That means I have to download those files first, before extracting them (and messing with this since yesterday delayed my response).

Update:
I propose to start by processing these 3 dictionaries: https://weakpass.com/all-in-one
1) https://download.weakpass.com/wordlists/all-in-one/1/all_in_one.7z.torrent
2) https://download.weakpass.com/wordlists/all-in-one/1/all_in_one_p.7z.torrent
3) https://download.weakpass.com/wordlists/all-in-one/1/all_in_one_w.7z.torrent

From Costas at StackExchange.com:

Code:

grep -x '.\{3,10\}'

I got anything from 8 to 20 characters, starting with "Ca". See le6-1-93ghostman.pulsedmedia.com/public-loyceclu/all_in_one_3.txt (this server expires in 3 days, I'm going to miss the 16 cores and 128 GB RAM).

There's another problem with the list: there are some empty lines in it, which must be caused by some very weird characters.

Reminder for myself:

Code:

p7zip -c -d all_in_one.7z | grep -a "^Ca" | grep -ax '.\{8,20\}' | sort -u -S 20% | gzip >> output.txt.gz

[walletrecovery]

I got anything from 8 to 20 characters, starting with "Ca". See le6-1-93ghostman.pulsedmedia.com/public-loyceclu/all_in_one_3.txt (this server expires in 3 days, I'm going to miss the 16 cores and 128 GB RAM).

Dear friend!
Why can't you pack this file "all_in_one_3.txt" into an archive (7zip, ARJ, ZIP etc)
and then post it to the public via a link? You can download from: https://7-zip.org
462 Mb (before 7-zip)
64,5 Mb (after 7-zip)

Also I see inside this passwords:
...
Ca$$0411 (8 characters)
Ca$$0411 (8 characters)
Ca$$0496 (8 characters)
Ca$$0496 (8 characters)
Ca$$_05 (7 characters)
Ca$$0697 (8 characters)
...

We need a humans passwords of 10 or more characters only :-)
-----------------------------------------------------------------------
Also You can delete this files, because it is a bruteforce method:
http://le6-1-93ghostman.pulsedmedia.com/public-loyceclu/5.txt
http://le6-1-93ghostman.pulsedmedia.com/public-loyceclu/6.txt
http://le6-1-93ghostman.pulsedmedia.com/public-loyceclu/7.txt
http://le6-1-93ghostman.pulsedmedia.com/public-loyceclu/8.txt
-----------------------------------------------------------------------

Dictionary cache built:
* Filename..: f:\hashcat\wallet\all_in_one_3.txt
* Passwords.: 38065930
* Bytes.....: 484817732
* Keyspace..: 38065930
* Runtime...: 3 secs
...

[LoyceV]

Why can't you pack this file "all_in_one_3.txt" into an archive

Piping it through gzip is no problem. I'll do that right now on all .txt files, see here when it's done.

462 Mb (before 7-zip)
64,5 Mb (after 7-zip)

It's slightly bigger using gz, but it's a more common (and much faster) compression method.

Also I see inside this passwords:
...
Ca$$0411 (8 characters)
Ca$$0411 (8 characters)

Are you sure there's a duplicate? That shouldn't have happened. If it did, I forgot a "-u" option somewhere.

We need a humans passwords of 10 or more characters only :-)

I figured I'd give you some more marging in case it's shorter anyway.

[seoincorporation]

Also I see inside this passwords:
...
Ca$$0411 (8 characters)
Ca$$0411 (8 characters)

Are you sure there's a duplicate? That shouldn't have happened. If it did, I forgot a "-u" option somewhere.
...

I just sha256 on both strings to verify they are the same, and yes they are:

Code:

forum@bitcoin:~$ echo 'Ca$$0411' | sha256sum
f5985cfee81e0a3636fa3a5ca5c1c22b0e4a4b97571d840c917f4a903c8fbb1b  -
forum@bitcoin:~$ echo 'Ca$$0411' | sha256sum
f5985cfee81e0a3636fa3a5ca5c1c22b0e4a4b97571d840c917f4a903c8fbb1b  -

My guess is one of those has an space in front of it, and we can remove those with sed:

Code:

sed 's/ //g'

Remember to use sed before sort. 

[LoyceV]

I just sha256 on both strings to verify they are the same, and yes they are:

I was more curious if OP copied the same line twice. But I confirmed it's in the file.

I did sort -u again, but it's still in there twice.
I tried sort -u | uniq, with the same result.

This just doesn't make sense:

Code:

cat all_in_one_3.txt | grep 'Ca$$0411' | sort -u | uniq           
Ca$$0411
Ca$$0411

It turns out they're different after all. It just can't be displayed:

Code:

for i in `cat all_in_one_3.txt | grep 'Ca$$0411' | sort -u | uniq`; do echo $i | md5sum; done
bb63f44bb7d31b5d58e0e4fc75906e9c  -
241b4b251694cb0f29632a89fbde1672  -

My guess is one of those has an space in front of it

That's not possible after grep "^Ca".

[PawGo]

If you are tired and lazy, then do not participate in this process. Write here which dictionaries
You have used and downloaded so that other people do not do the same job twice. Thank You!

Oooh, real gentleman's talk. That's how you make friends?

By the way, I wrote clearly:

I have prepared 4 files for you: 2 based on openwall, 1 from rocktastic12a and 1 from weakpass3w:

Source dictionary was specified in filename.

Could you clarify based on what you assume that password used on that wallet file is for sure in one of leaked passwords list?
You would quickly extend dictionary to desired number of characters (by the way owner should remember if it was 10 or 20 characters, as it is 100% change) using hybrid mode and extending each of known words by custom set of digits or special characters.

[walletrecovery]

If you are tired and lazy, then do not participate in this process. Write here which dictionaries
You have used and downloaded so that other people do not do the same job twice. Thank You!

Oooh, real gentleman's talk. That's how you make friends?

By the way, I wrote clearly:

I have prepared 4 files for you: 2 based on openwall, 1 from rocktastic12a and 1 from weakpass3w:

Source dictionary was specified in filename.

Could you clarify based on what you assume that password used on that wallet file is for sure in one of leaked passwords list?
You would quickly extend dictionary to desired number of characters (by the way owner should remember if it was 10 or 20 characters, as it is 100% change) using hybrid mode and extending each of known words by custom set of digits or special characters.

Cash prizes will be given to all who participated in the process.
Prize number 1 - $10,000 for the person whose dictionary contains the password.
Prize number 2 - $ 3000 who participated
Prize number 3 - $ 3000 who participated
Prize number 4 - $ 3000 who participated
I don't think there will be more than 4 helpers. Now I see 2 helpers.

We will not do brute force or search by mask yet, it takes a lot of resources and time.
So far, we have hope that the password was stolen in 2015 and is in one of the dictionaries.
The password is 10 or more characters, including the first two letters "Ca".

[PawGo]

It would be useful if you post (for example one the first page) the list of already processed files / dictionaries / sources (and maybe size of dic/nb of files)
It is easier to check in one place than read the whole topic and look for filenames.

[LoyceV]

It would be useful if you post (for example one the first page) the list of already processed files / dictionaries / sources (and maybe size of dic/nb of files)

If All wordlists in one does what the name says, this includes all other lists:

This wordlist is the compilation of all wordlists in one. It may be helpful to create a table-lookup for hashes and password search.

It also says that All-in-One-P and All-in-One-Wi-Fi are subsets of All-in-One. So that makes searching further on weakpass.com futile.

I counted: the 57 GB all_in_one.7z file has 40,247,321,168 passwords. After several hours, I found out that's the exact same amount mentioned on weakpass.com already

[walletrecovery]

It would be useful if you post (for example one the first page) the list of already processed files / dictionaries / sources (and maybe size of dic/nb of files)
It is easier to check in one place than read the whole topic and look for filenames.

You are absolutely right, I wrote about this, but I do not receive information about the names of dictionaries that have already been processed.
Those who processed these dictionaries know about it. I can make a list and pin at the beginning of the topic, and I will update this list. Thanks!

[walletrecovery]

I got anything from 8 to 20 characters, starting with "Ca". See le6-1-93ghostman.pulsedmedia.com/public-loyceclu/all_in_one_3.txt

Dictionary cache built:
* Filename..: f:\hashcat\wallet\all_in_one_3.txt
* Passwords.: 38065930
* Bytes.....: 484817732
* Keyspace..: 38065930
* Runtime...: 3 secs
...

Session..........: hashcat
Status...........: Exhausted
Hash.Mode........: 11300 (Bitcoin/Litecoin wallet.dat)
Hash.Target......: $bitcoin$64$***********************************************
Time.Started.....: Mon Apr 04 14:20:03 2022 (6 hours, 20 mins)
Time.Estimated...: Mon Apr 04 20:40:37 2022 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Base.......: File (f:\hashcat\wallet\all_in_one_3.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:     1667 H/s (0.16ms) @ Accel:1024 Loops:16 Thr:32 Vec:1
Recovered........: 0/1 (0.00%) Digests
Progress.........: 38065930/38065930 (100.00%)
Rejected.........: 0/38065930 (0.00%)
Restore.Point....: 38065930/38065930 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: Caя┐╜adas -> CaшкШчЩ║цAзCaцФ╛xЗ║
Hardware.Mon.#1..: Temp: 41c Fan: 45% Util: 63% Core:1199MHz Mem:6794MHz Bus:16

[PrivatePerson]

"Excellent" service...
Is your whole service just about extracting a hash from a file and inserting it into a hashcat?
Post the hash or file here.

[walletrecovery]

"Excellent" service...
Is your whole service just about extracting a hash from a file and inserting it into a hashcat?
Post the hash or file here.

If I show HASH here, then whoever finds the password will take all the coins for themselves.
This wallet accidentally fell into the hands of merchants and is now being sold online for little money,
because the merchants do not know anything about these hints.