hashcat Forum

We have attempted to brute force the password for a blockchain wallet from 2013.


We have used blockchain2john.py to create a $blockchain$ hash.

We also do not know how much is in the wallet, it could be 0.

We are using the command: ./hashcat blockchain.hash -a3 -w4 -i


Our hashcat rig has got to 10 characters and now we realise this is indeed a very long time to complete :-)

We know the password is a mixture of lowercase/uppercase/numbers/symbols.

We think its a capital letter word followed by 2 numbers and a symbol but unsure on the symbol.

For example, there are no $ or [ in the password.

We have narrowed the symbol used down to some possibilities: !, ;, : and @

So now we are going to try a combination/mask attack.


Our questions at this time:

How can we produce a mask attack that excludes all symbols except a few?

How can we produce something that will suit our needs?

How do we know if our commands passed into hashcat are working?

What is an example command for hashcat for a blockchain wallet?

Can we find the address without cracking the password?


Thanks

Use mask attack https://hashcat.net/wiki/doku.php?id=mask_attack

(12-07-2022, 12:47 AM)marc1n Wrote: [ -> ]Use mask attack https://hashcat.net/wiki/doku.php?id=mask_attack

Thanks. We have read the wiki for mask attack but we are unable to figure out how to specify reduced amount of symbols to use.

You will be required to create customer character sets. That would require to define parameters -1 to -4 for different case usage. So for example if you know the first letter is a capital and most likely not a vowel you can create that by defining -1.


By defining -1 you can use it as you would any other specific character maskset using "?" and the number appended to that custom set. So to define 2 sets and use them in conjunction would be as the following:


The last snippet you would receive a password beginning with a uppercase then 6 lower case followed by 2 digits and finally a limited special character. Hope this helps.