hashcat Forum

I am trying to figure out the appropriate mask for a 12 digit numeric password where one of the 12 digits is randomly assigned an upper case letter character instead of a number.

Example 12345A678901    or 401B23456598

The letter can appear anywhere in the password and there is only ever one letter

I feel like there has got to be a way to use a mask or an approach that requires less possible combinations than a straight brute force attack. Where I am lost is setting it up so that only one digit is ever treated as a letter character.

Any help would be greatly appreciated.

Thanks,

You could run a script that contains 12 different attacks.
-a 3 ?d?d?d?d?d?d?d?d?d?d?d?u
-a 3 ?d?d?d?d?d?d?d?d?d?d?u?d
-a 3 ?d?d?d?d?d?d?d?d?d?u?d?d
-a 3 ?d?d?d?d?d?d?d?d?u?d?d?d

etc
eventually you'll hit the right position. Could re-sort the attacks to go middle out, if you think the odds of finding the upper case letter are in the middle rather than the extremes

or split, prepare a dict with 6 positions numbers from 000000 to 999999 use this dict twice in combinator attack and combine this with a rule file where you also add all rules possible

Overwrite @ N oNX Overwrite character at position N* with X
* Indicates that N starts at 0. For character positions other than 0-9 use A-Z (A=10)

starting with
o0A
o1A
...
oBA
oCA
...
..
oCZ (last)

do this for all Chars from A-Z (there is a thread where you can use maskprocessor oder hahscat to do this for you, im in a hurry, so i cant give you the link)

rules are amplifiers so it should be faster than the pure bruteforce aproach (will test it tomorrow and give you some data on this)

Thanks Snoopy. I am not advanced enough to figure out what this would look like as a hashcat argument. Would you be able to point me in the right direction?