1

When attempting to brute force a password it can be helpful to minimize the time it needs by applying something like "mixed attacks". This question is mainly about optimizing such a mixed attack.

I have a BitLocker-encrypted hard drive and a tool to brute force the hard drive. This isn't malicious intent, just a loss of the password/recovery key and I'm trying to brute force myself out of curiosity.

I am wondering how I can create a profile to be used for the brute that is based on past/previous known passwords.

The unknown password is 8 characters long, is based on a dictionary word and mixes capitalization. It also includes numbers and some characters might be exchanged by symbols. (like a or A as @)

That's the basis I would use for the tool.

Now I'd like to add something more personalized on top by analyzing what I've used before and use that to optimize the basis.

For example (these are not a list of my past passwords) I might have used those in the past:

p@ssw0rd P@ßßw0rD P@$$w0rD cr@ck3nt3r

How can I approach this brute force optimization?

Do I create a dictionary with the list of past passwords?

Can I create a dictionary with that list which includes slight variations of it?

Any other suggestions towards optimizing this based on personal profiles?

4
  • If this is Windows, and encryption (EFS) isn’t being used, there are easier ways than brute-force attacking the profile.
    – Ramhound
    Commented Feb 13, 2019 at 2:47
  • Yes it's windows and it's about BitLocker, so I think it's encrypted (that's the point I suppose).. What other ways are you referring to?
    – HackXIt
    Commented Feb 19, 2019 at 22:03
  • Your question makes absolutely no mention of BitLocker or EFS being used
    – Ramhound
    Commented Feb 19, 2019 at 22:29
  • I've edited it accordingly
    – HackXIt
    Commented Feb 21, 2019 at 11:03

1 Answer

1

I've done something similar after mis-typing a password. I used exrex to generate a list from the possible substitutions, by a regex.

You might run something like this to generate all possible variants of a dictionary word. For example, you may wish to run it with the regex [Pp][aA@][sS$ß]{2}[wW][0oO][rR][dD]

To generalise, you might want to script this to do such replacements for all of /usr/dict or some other dictionary files, doing a replacement for each letter of [lowerUPPER], with additional specific cases (like o) having 0 added.

Outputting this to a file will give you a specific list of passwords to try.

3
  • I'll give this a try, thanks for your input :) Will take a bit as I don't have much off time to use for this little nuisance.
    – HackXIt
    Commented Feb 19, 2019 at 22:05
  • That regex tip was very sufficient for the task. :) Took me a bit to look into but in the end I managed to get it done right.
    – HackXIt
    Commented Mar 5, 2019 at 12:39
  • Glad to have helped
    Commented Mar 6, 2019 at 7:22
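
The per-letter replacement described in the answer above, as an added example that is not part of the original post and uses the Python standard library instead of exrex: it builds the character-class regex for a word, counts the variants before anything is written to a file, and yields them lazily. The `EXTRA` table and all function names are assumptions made for this example; the classes themselves come from the regex quoted in the answer.

```python
import itertools
import math
import re
import string

# Assumed substitution table, taken from the classes in the answer's regex
# ([aA@], [sS$ß], [0oO]); every other letter only varies in case.
EXTRA = {"a": "@", "s": "$ß", "o": "0"}


def char_class(ch):
    """Characters one position may take; non-letters stay literal."""
    if ch not in string.ascii_letters:
        return ch
    low = ch.lower()
    return low + low.upper() + EXTRA.get(low, "")


def word_to_regex(word):
    """Per-letter character-class regex for one dictionary word."""
    parts = []
    for ch in word:
        cls = "".join(re.escape(c) for c in char_class(ch))
        parts.append("[" + cls + "]" if len(char_class(ch)) > 1 else cls)
    return "".join(parts)


def count_variants(word):
    """Size of the candidate list, computed without generating it."""
    return math.prod(len(char_class(c)) for c in word)


def variants(word):
    """Lazily yield every variant, one string at a time."""
    for combo in itertools.product(*(char_class(c) for c in word)):
        yield "".join(combo)


def wordlist_total(words, length=8):
    """Total candidates for all words of the given length (8 in the question)."""
    return sum(count_variants(w) for w in words if len(w) == length)


if __name__ == "__main__":
    sample = ["password", "cat", "elephant"]  # constructed sample wordlist
    for w in sample:
        print(w, word_to_regex(w), count_variants(w))
    print("total for 8-letter words:", wordlist_total(sample))
```

Counting first shows how large the output file will be before it is generated; for the answer's example word the count matches the 2304 strings its regex expands to.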
