hashcat Forum

Hi All,

I am very new to this. I have been poking around using Hashcat trying crack a PDF file (m 10500) password. I know the following about it:

The user says that they use the following pattern:

[Special Character]Regular English Word[Special Character]A Different English Word[Special Character]

• Each special character is blank, or a special character, typically a shifted number or such, brackers, punctuation. No high order characters.
  
• Regular English words of something you might look up and see in a typical room. Typically, lower case but may have an initial cap.
  

Here is my current command line:

hashcat.exe -S -w 3 -m 10500 words_alpha.txt -r onerule.txt -o cracked.txt


What are some better approaches to getting this done?

I would love your input and ideas!

Thanks!
Paul.

One way to do it could be by first creating a list of words with added special characters, like this:

Hashcat -a6 wordlist ?s --stdout > wordlist-specchar.txt

And then run a command where I pipe hashcat into itself:

Hashcat -a1 wordlist-specchar.txt wordlist-specchar.txt --stdout | hashcat -a7 -m10500 hash ?s

Another option is creating one list of words and one list of special chars and then use combinatorx from hashcat-utils to combine them and pipe them into hashcat.

I am going to try both options. Thank you so much! I will let you know how it goes...

One thing - I am trying to find CombinatorX and it does not seem to be in hashcat-utils-1.9... I must be missing something?

Thanks,
Paul.

Hmmm...

Here are my two commands:

This works:

Hashcat -a6 f:\crack\500words.txt ?s --stdout > f:\crack\500words-specchar.txt

This:

Hashcat -a1 f:\crack\500words-specchar.txt f:\crack\500words-specchar.txt --stdout | hashcat -a7 -m10500 f:\crack\source.hash ?s -o f:\crack\500-output.txt

Give me the following output:

hashcat (v6.2.6) starting

Successfully initialized the NVIDIA main driver CUDA runtime library.

Failed to initialize NVIDIA RTC library.

* Device #1: CUDA SDK Toolkit not installed or incorrectly installed.
CUDA SDK Toolkit required for proper device support and utilization.
Falling back to OpenCL runtime.

* Device #1: WARNING! Kernel exec timeout is not disabled.
This may cause "CL_OUT_OF_RESOURCES" or related errors.
To disable the timeout, see: https://hashcat.net/q/timeoutpatch
clCreateContext(): CL_OUT_OF_HOST_MEMORY

OpenCL API (OpenCL 3.0 CUDA 12.0.147) - Platform #1 [NVIDIA Corporation]
========================================================================
* Device #1: Quadro P620, 1664/2047 MB (511 MB allocatable), 4MCU

OpenCL API (OpenCL 3.0 ) - Platform #2 [Intel(R) Corporation]
=============================================================
* Device #2: Intel(R) UHD Graphics 630, 26112/52310 MB (2047 MB allocatable), 24MCU

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 32

No usable dictionary file found.

Started: Tue Feb 21 09:30:10 2023
Stopped: Tue Feb 21 09:30:14 2023

And no output...


Any thoughts on why the No usable dictionary file found is there.

Thanks!
Paul.

Bump?

(02-23-2023, 05:50 PM)pdparisi Wrote: [ -> ]Bump?

first resolve this 2 problems

Failed to initialize NVIDIA RTC library. -> CUDA SDK isnt installed properly

* Device #1: WARNING! Kernel exec timeout is not disabled.
This may cause "CL_OUT_OF_RESOURCES" or related errors.
To disable the timeout, see: https://hashcat.net/q/timeoutpatch
clCreateContext(): CL_OUT_OF_HOST_MEMORY

-> install the patch and reboot

next thing, your command line is wrong, you cannot combine attackmodes over pipe as far as i know

this line should work, but you lose the -a7 part, (instead generate the -a7 part like you did with -a6 and combine the 6 output and the 7output)

Hashcat -a1 f:\crack\500words-specchar.txt f:\crack\500words-specchar.txt --stdout | hashcat -m10500 f:\crack\source.hash -o f:\crack\500-output.txt

Hashcat -a1 6output.txt 7output --stdout | hashcat -m10500 f:\crack\source.hash -o f:\crack\500-output.txt

Thank you for the pointers. I really appreciate it.

Here are the two command lines that I think incorporate your recommendations:

Hashcat -a6 f:\crack\500words.txt ?s --stdout > f:\crack\500words-specchar6.txt

Hashcat -a7 f:\crack\500words-specchar6.txt f:\crack\500words-specchar6.txt --stdout > f:\crack\500words-specchar7.txt

Is that correct? Do I have it closer?

Thanks,
Paul.

i hope im assuming right what you want to achieve, otherwise please tell me, you have a dict with 500 words, lets assume one word ist "yellow" and "red" and you want do attack your hash with all mixed candidates like

*yellowyellow*
!yellowyellow*
!yellowred*
*redyellow*
so (special char + word + word + special char) if yes there are, two ways

first approach, generating basic dicts
Hashcat -a6 f:\crack\500words.txt ?s --stdout > f:\crack\500words-specchar6.txt
Hashcat -a7 ?s f:\crack\500words.txt --stdout > f:\crack\500words-specchar7.txt

hashcat -a1 -m10500 -O hash f:\crack\500words-specchar7.txt f:\crack\500words-specchar6.txt

second aproach (depending on your real dict line count, as combinator output gets big very fast depending on combinations, for example, i tested it with 500 numbers 0000-0499 as basic dict 500txt, + a7 results in s500.txt with 16500 lines and 115kb, combinator s500.txt 500.txt > s500x500.txt is ~91MB

Hashcat -a7 ?s f:\crack\500words.txt --stdout > f:\crack\500words-specchar7.txt
combinator 500words-specchar7.txt 500words.txt > s500x500.txt

hashcat -a6 -m10500 -O hash s500x500.txt ?s

with just 500 words as basic dicts, there should be no speed diff in these two approaches

Your assumption is correct but there needs to be and optional special character between each word.

*yellow$yellow*
!yellow%yellow*
!yellow@red*
*red#yellow*

so (special char + word + special char + word + special char)...


I am going to see if I can try out your suggestions.

Ok - so I have a more detailed, perhaps this is a smaller set of requirements:

• Two words
• Initial caps
• Numbers after. Most likely 4 digits
• Special characters before or after either $ or !

Example of another password created in the same context: Plate&1015, or $Plate8988